Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-20	CVE-2021-35578	Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). network low complexity oracle netapp debian fedoraproject	5.3
2021-10-20	CVE-2021-35586	Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). network low complexity oracle netapp fedoraproject debian	5.3
2021-10-20	CVE-2021-42739	Out-of-bounds Write vulnerability in multiple products The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. local low complexity linux fedoraproject debian starwindsoftware oracle CWE-787	6.7
2021-10-13	CVE-2021-40732	NULL Pointer Dereference vulnerability in multiple products XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. local low complexity adobe debian CWE-476	6.1
2021-10-12	CVE-2021-42326	Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter. network low complexity redmine debian	5.3
2021-10-12	CVE-2021-3671	NULL Pointer Dereference vulnerability in multiple products A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). network low complexity samba debian netapp CWE-476	6.5
2021-10-08	CVE-2021-37958	Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. network low complexity google fedoraproject debian	5.4
2021-10-08	CVE-2021-37963	Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. network low complexity google fedoraproject debian	4.3
2021-10-08	CVE-2021-37965	Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google fedoraproject debian	4.3
2021-10-08	CVE-2021-37966	Origin Validation Error vulnerability in multiple products Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. network low complexity google fedoraproject debian CWE-346	4.3