Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-21	CVE-2021-42715	Infinite Loop vulnerability in multiple products An issue was discovered in stb stb_image.h 1.33 through 2.27. local low complexity nothings fedoraproject debian CWE-835	5.5
2021-10-21	CVE-2021-42096	Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products GNU Mailman before 2.1.35 may allow remote Privilege Escalation. network low complexity gnu debian CWE-307	4.3
2021-10-20	CVE-2021-42762	BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. local low complexity webkitgtk wpewebkit fedoraproject debian	5.3
2021-10-20	CVE-2021-42739	Out-of-bounds Write vulnerability in multiple products The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. local low complexity linux fedoraproject debian starwindsoftware oracle CWE-787	6.7
2021-10-12	CVE-2021-42326	Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter. network low complexity redmine debian	5.3
2021-10-12	CVE-2021-3671	NULL Pointer Dereference vulnerability in multiple products A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). network low complexity samba debian netapp CWE-476	6.5
2021-10-08	CVE-2021-37958	Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. network low complexity google fedoraproject debian	5.4
2021-10-08	CVE-2021-37963	Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. network low complexity google fedoraproject debian	4.3
2021-10-08	CVE-2021-37965	Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google fedoraproject debian	4.3
2021-10-08	CVE-2021-37966	Origin Validation Error vulnerability in multiple products Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. network low complexity google fedoraproject debian CWE-346	4.3