Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-23 CVE-2021-38020 Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google fedoraproject debian
4.3
2021-12-23 CVE-2021-38021 Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google fedoraproject debian
6.5
2021-12-23 CVE-2021-38022 Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google fedoraproject debian
6.5
2021-12-23 CVE-2021-4054 Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
network
low complexity
google fedoraproject debian
6.5
2021-12-23 CVE-2021-4059 Improper Input Validation vulnerability in multiple products
Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-20
6.5
2021-12-23 CVE-2021-4068 Improper Encoding or Escaping of Output vulnerability in multiple products
Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-116
6.5
2021-12-23 CVE-2021-4078 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6.8
2021-12-23 CVE-2021-4079 Out-of-bounds Write vulnerability in multiple products
Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.
6.8
2021-12-18 CVE-2021-45105 Uncontrolled Recursion vulnerability in multiple products
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups.
network
high complexity
apache netapp debian sonicwall oracle CWE-674
5.9
2021-12-16 CVE-2021-45098 An issue was discovered in Suricata before 6.0.4.
network
low complexity
oisf debian
5.0