Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-11-23	CVE-2021-37999	Cross-site Scripting vulnerability in multiple products Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. network low complexity google fedoraproject debian CWE-79	6.1
2021-11-23	CVE-2021-38000	Open Redirect vulnerability in multiple products Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. network low complexity google fedoraproject debian CWE-601	6.1
2021-11-23	CVE-2021-38004	Exposure of Resource to Wrong Sphere vulnerability in multiple products Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network google debian CWE-668	4.3
2021-11-19	CVE-2021-39923	Excessive Iteration vulnerability in multiple products Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file network low complexity wireshark debian CWE-834	5.0
2021-11-19	CVE-2021-44025	Cross-site Scripting vulnerability in multiple products Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message. network low complexity roundcube fedoraproject debian CWE-79	6.1
2021-11-17	CVE-2021-43975	Out-of-bounds Write vulnerability in multiple products In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. local low complexity linux fedoraproject debian netapp CWE-787	6.7
2021-11-17	CVE-2021-43976	In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). low complexity linux fedoraproject debian netapp oracle	4.6
2021-11-15	CVE-2021-22959	HTTP Request Smuggling vulnerability in multiple products The parser in accepts requests with a space (SP) right after the header name before the colon. network low complexity llhttp oracle debian CWE-444	6.5
2021-11-12	CVE-2021-41229	Memory Leak vulnerability in multiple products BlueZ is a Bluetooth protocol stack for Linux. low complexity bluez debian CWE-401	6.5
2021-11-12	CVE-2021-43331	Cross-site Scripting vulnerability in multiple products In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. network low complexity gnu debian CWE-79	6.1