High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-12	CVE-2021-23240	Link Following vulnerability in multiple products selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. local low complexity sudo-project netapp fedoraproject CWE-59	7.8
2021-01-12	CVE-2020-35654	Out-of-bounds Write vulnerability in multiple products In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. network low complexity python fedoraproject CWE-787	8.8
2021-01-12	CVE-2020-35653	Out-of-bounds Read vulnerability in multiple products In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. network low complexity python fedoraproject debian CWE-125	7.1
2021-01-11	CVE-2020-35701	SQL Injection vulnerability in multiple products An issue was discovered in Cacti 1.2.x through 1.2.16. network low complexity cacti fedoraproject CWE-89	8.8
2021-01-08	CVE-2021-21116	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-787	8.8
2021-01-08	CVE-2021-21114	Use After Free vulnerability in multiple products Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-416	8.8
2021-01-08	CVE-2021-21113	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-787	8.8
2021-01-08	CVE-2021-21112	Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-416	8.8
2021-01-08	CVE-2020-16043	Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic. network low complexity google debian fedoraproject	8.8
2021-01-06	CVE-2020-8265	Use After Free vulnerability in multiple products Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. network high complexity nodejs debian fedoraproject oracle siemens CWE-416	8.1