Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-07	CVE-2021-30539	Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. network low complexity google fedoraproject CWE-863	5.4
2021-06-07	CVE-2021-30540	Injection vulnerability in multiple products Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page. network low complexity google fedoraproject CWE-74	6.5
2021-06-07	CVE-2021-33896	Path Traversal vulnerability in multiple products Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators. network low complexity dino fedoraproject CWE-22	5.3
2021-06-04	CVE-2021-3565	Use of Hard-coded Credentials vulnerability in multiple products A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. network high complexity tpm2-tools-project redhat fedoraproject CWE-798	5.9
2021-06-02	CVE-2021-28678	Insufficient Verification of Data Authenticity vulnerability in multiple products An issue was discovered in Pillow before 8.2.0. local low complexity python fedoraproject CWE-345	5.5
2021-06-02	CVE-2019-12067	NULL Pointer Dereference vulnerability in multiple products The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. local low complexity qemu debian fedoraproject redhat CWE-476	6.5
2021-06-02	CVE-2021-28675	Unchecked Return Value vulnerability in multiple products An issue was discovered in Pillow before 8.2.0. local low complexity python fedoraproject CWE-252	5.5
2021-06-02	CVE-2020-35503	A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. local low complexity qemu fedoraproject	6.0
2021-06-01	CVE-2021-3543	Use After Free vulnerability in multiple products A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. local low complexity nitro-enclaves-project redhat fedoraproject CWE-416	6.7
2021-05-28	CVE-2021-33620	Improper Input Validation vulnerability in multiple products Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. network low complexity squid-cache fedoraproject debian CWE-20	6.5