Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-24 CVE-2021-30890 Cross-site Scripting vulnerability in multiple products
A logic issue was addressed with improved state management.
network
low complexity
apple fedoraproject debian CWE-79
6.1
2021-08-23 CVE-2021-39140 Infinite Loop vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
6.3
2021-08-23 CVE-2021-3731 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'.
network
low complexity
ledgersmb debian CWE-1021
4.7
2021-08-23 CVE-2021-37750 NULL Pointer Dereference vulnerability in multiple products
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
6.5
2021-08-22 CVE-2021-39365 Improper Certificate Validation vulnerability in multiple products
In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks.
network
high complexity
gnome debian CWE-295
5.9
2021-08-18 CVE-2021-32728 Improper Certificate Validation vulnerability in multiple products
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer.
network
low complexity
nextcloud debian CWE-295
6.5
2021-08-17 CVE-2021-39241 An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3.
network
low complexity
haproxy debian fedoraproject
5.3
2021-08-16 CVE-2021-22939 Improper Certificate Validation vulnerability in multiple products
If the Node.js https API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
network
low complexity
nodejs oracle netapp siemens debian CWE-295
5.3
2021-08-13 CVE-2021-37695 Cross-site Scripting vulnerability in multiple products
ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
low complexity
ckeditor debian fedoraproject oracle CWE-79
5.4
2021-08-10 CVE-2020-21675 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DoS) by converting an xfig file into ptk format.
local
low complexity
fig2dev-project debian CWE-787
5.5