High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-09	CVE-2021-21143	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. network low complexity google fedoraproject CWE-787	8.8
2021-02-08	CVE-2020-36152	Classic Buffer Overflow vulnerability in multiple products Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA. network low complexity symonics fedoraproject CWE-120	8.8
2021-02-02	CVE-2021-21289	OS Command Injection vulnerability in multiple products Mechanize is an open-source ruby library that makes automated web interaction easy. network high complexity mechanize-project fedoraproject debian CWE-78	8.3
2021-01-29	CVE-2021-3347	Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 5.10.11. local low complexity linux debian fedoraproject CWE-416	7.8
2021-01-26	CVE-2021-3156	Off-by-one Error vulnerability in multiple products Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. local low complexity sudo-project fedoraproject debian netapp mcafee synology beyondtrust oracle CWE-193	7.8
2021-01-26	CVE-2021-3115	Uncontrolled Search Path Element vulnerability in multiple products Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). network high complexity golang fedoraproject netapp CWE-427	7.5
2021-01-20	CVE-2020-25682	A flaw was found in dnsmasq before 2.83. network high complexity thekelleys fedoraproject debian	8.1
2021-01-20	CVE-2020-25681	A flaw was found in dnsmasq before version 2.83. network high complexity thekelleys fedoraproject debian	8.1
2021-01-19	CVE-2020-14409	Integer Overflow or Wraparound vulnerability in multiple products SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. local low complexity libsdl fedoraproject debian starwindsoftware CWE-190	7.8
2021-01-18	CVE-2020-36193	Link Following vulnerability in multiple products Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. network low complexity php fedoraproject debian drupal CWE-59	7.5