Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-27	CVE-2021-28696	Incorrect Authorization vulnerability in multiple products IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. low complexity xen fedoraproject debian CWE-863	6.8
2021-08-27	CVE-2021-28698	Infinite Loop vulnerability in multiple products long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. local low complexity xen fedoraproject debian CWE-835	5.5
2021-08-27	CVE-2021-28699	inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. local low complexity xen fedoraproject debian	5.5
2021-08-27	CVE-2021-28700	Allocation of Resources Without Limits or Throttling vulnerability in multiple products xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. network low complexity xen fedoraproject debian CWE-770	4.9
2021-08-27	CVE-2020-23226	Cross-site Scripting vulnerability in multiple products Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. network low complexity cacti debian CWE-79	6.1
2021-08-25	CVE-2021-3605	There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. local low complexity openexr redhat debian	5.5
2021-08-24	CVE-2021-30887	A logic issue was addressed with improved restrictions. network low complexity apple fedoraproject debian	6.5
2021-08-24	CVE-2021-30890	Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. network low complexity apple fedoraproject debian CWE-79	6.1
2021-08-23	CVE-2021-39140	XStream is a simple library to serialize objects to XML and back again. network high complexity xstream-project debian fedoraproject netapp oracle	6.3
2021-08-23	CVE-2021-3731	Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. network low complexity ledgersmb debian CWE-1021	4.7