High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-04-22	CVE-2021-0232	Authentication Bypass by Spoofing vulnerability in multiple products An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. network high complexity juniper fedoraproject CWE-290	7.4
2021-04-22	CVE-2021-23133	Race Condition vulnerability in multiple products A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. local high complexity linux fedoraproject debian netapp broadcom CWE-362	7.0
2021-04-21	CVE-2021-28965	The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. network low complexity ruby-lang fedoraproject	7.5
2021-04-19	CVE-2021-29457	Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. local low complexity exiv2 fedoraproject debian	7.8
2021-04-15	CVE-2021-20288	Improper Authentication vulnerability in multiple products An authentication flaw was found in ceph in versions before 14.2.20. network low complexity linuxfoundation redhat fedoraproject debian CWE-287	7.2
2021-04-14	CVE-2021-28484	Infinite Loop vulnerability in multiple products An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). network low complexity yubico fedoraproject CWE-835	7.5
2021-04-14	CVE-2021-22879	Injection vulnerability in multiple products Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. network low complexity nextcloud fedoraproject CWE-74	8.8
2021-04-14	CVE-2020-36323	Use of Externally-Controlled Format String vulnerability in multiple products In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked. network low complexity rust-lang fedoraproject CWE-134	8.2
2021-04-11	CVE-2021-28878	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. network low complexity rust-lang fedoraproject CWE-119	7.5
2021-04-09	CVE-2021-21199	Use After Free vulnerability in multiple products Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject CWE-416	8.8