Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-27	CVE-2021-28699	inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. local low complexity xen fedoraproject debian	5.5
2021-08-27	CVE-2021-28700	Allocation of Resources Without Limits or Throttling vulnerability in multiple products xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. network low complexity xen fedoraproject debian CWE-770	4.9
2021-08-27	CVE-2020-23226	Cross-site Scripting vulnerability in multiple products Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. network low complexity cacti debian CWE-79	6.1
2021-08-25	CVE-2021-3605	There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. local low complexity openexr redhat debian	5.5
2021-08-24	CVE-2021-30887	A logic issue was addressed with improved restrictions. network low complexity apple fedoraproject debian	6.5
2021-08-24	CVE-2021-30890	Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. network low complexity apple fedoraproject debian CWE-79	6.1
2021-08-23	CVE-2021-39140	XStream is a simple library to serialize objects to XML and back again. network high complexity xstream-project debian fedoraproject netapp oracle	6.3
2021-08-23	CVE-2021-3731	Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. network low complexity ledgersmb debian CWE-1021	4.7
2021-08-23	CVE-2021-37750	NULL Pointer Dereference vulnerability in multiple products The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. network low complexity mit fedoraproject debian starwindsoftware oracle CWE-476	6.5
2021-08-22	CVE-2021-39365	Improper Certificate Validation vulnerability in multiple products In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. network high complexity gnome debian CWE-295	5.9