Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-08 CVE-2021-43542 Information Exposure Through an Error Message vulnerability in multiple products
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols.
network
low complexity
mozilla debian CWE-209
6.5
2021-12-08 CVE-2021-43543 Cross-site Scripting vulnerability in multiple products
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content.
network
low complexity
mozilla debian CWE-79
6.1
2021-12-08 CVE-2021-43545 Excessive Iteration vulnerability in multiple products
Using the Location API in a loop could have caused severe application hangs and crashes.
network
low complexity
mozilla debian CWE-834
6.5
2021-12-08 CVE-2021-43546 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.
network
low complexity
mozilla debian CWE-1021
4.3
2021-12-06 CVE-2021-43784 runc is a CLI tool for spawning and running containers on Linux according to the OCI specification.
network
high complexity
linuxfoundation debian
5.0
2021-11-29 CVE-2019-8921 Insufficient Verification of Data Authenticity vulnerability in multiple products
An issue was discovered in bluetoothd in BlueZ through 5.48.
low complexity
bluez debian CWE-345
6.5
2021-11-29 CVE-2021-21707 In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them.
network
low complexity
php netapp debian tenable
5.3
2021-11-23 CVE-2021-37999 Cross-site Scripting vulnerability in multiple products
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-79
6.1
2021-11-23 CVE-2021-38000 Open Redirect vulnerability in multiple products
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-601
6.1
2021-11-23 CVE-2021-38004 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian CWE-668
4.3