Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-11-29	CVE-2021-21707	In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. network low complexity php netapp debian tenable	5.3
2021-11-23	CVE-2021-37999	Cross-site Scripting vulnerability in multiple products Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. network low complexity google fedoraproject debian CWE-79	6.1
2021-11-23	CVE-2021-38000	Open Redirect vulnerability in multiple products Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. network low complexity google fedoraproject debian CWE-601	6.1
2021-11-23	CVE-2021-38004	Exposure of Resource to Wrong Sphere vulnerability in multiple products Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google debian CWE-668	4.3
2021-11-19	CVE-2021-44025	Cross-site Scripting vulnerability in multiple products Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message. network low complexity roundcube fedoraproject debian CWE-79	6.1
2021-11-17	CVE-2021-43975	Out-of-bounds Write vulnerability in multiple products In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. local low complexity linux fedoraproject debian netapp CWE-787	6.7
2021-11-17	CVE-2021-43976	In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). low complexity linux fedoraproject debian netapp oracle	4.6
2021-11-15	CVE-2021-22959	HTTP Request Smuggling vulnerability in multiple products The parser in accepts requests with a space (SP) right after the header name before the colon. network low complexity llhttp oracle debian CWE-444	6.5
2021-11-12	CVE-2021-41229	Memory Leak vulnerability in multiple products BlueZ is a Bluetooth protocol stack for Linux. low complexity bluez debian CWE-401	6.5
2021-11-12	CVE-2021-43331	Cross-site Scripting vulnerability in multiple products In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. network low complexity gnu debian CWE-79	6.1