Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-08 CVE-2021-43543 Cross-site Scripting vulnerability in multiple products
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content.
network
low complexity
mozilla debian CWE-79
6.1
2021-12-08 CVE-2021-43545 Excessive Iteration vulnerability in multiple products
Using the Location API in a loop could have caused severe application hangs and crashes.
network
low complexity
mozilla debian CWE-834
6.5
2021-12-08 CVE-2021-43546 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.
network
low complexity
mozilla debian CWE-1021
4.3
2021-12-06 CVE-2021-43784 Integer Overflow or Wraparound vulnerability in multiple products
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification.
network
high complexity
linuxfoundation debian CWE-190
5.0
2021-11-29 CVE-2019-8921 Insufficient Verification of Data Authenticity vulnerability in multiple products
An issue was discovered in bluetoothd in BlueZ through 5.48.
low complexity
bluez debian CWE-345
6.5
2021-11-29 CVE-2021-21707 In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them.
network
low complexity
php netapp debian tenable
5.3
2021-11-23 CVE-2021-37999 Cross-site Scripting vulnerability in multiple products
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-79
6.1
2021-11-23 CVE-2021-38000 Open Redirect vulnerability in multiple products
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-601
6.1
2021-11-23 CVE-2021-38004 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian CWE-668
4.3
2021-11-19 CVE-2021-44025 Cross-site Scripting vulnerability in multiple products
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
network
low complexity
roundcube fedoraproject debian CWE-79
6.1