Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-28	CVE-2021-44832	Improper Input Validation vulnerability in multiple products Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. network high complexity apache oracle cisco fedoraproject debian CWE-20	6.6
2021-12-24	CVE-2021-45471	In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. network low complexity mediawiki fedoraproject	5.3
2021-12-24	CVE-2021-45472	Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used. network low complexity mediawiki fedoraproject CWE-79	6.1
2021-12-24	CVE-2021-45473	Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar). network low complexity mediawiki fedoraproject CWE-79	6.1
2021-12-24	CVE-2021-45474	Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. network low complexity mediawiki fedoraproject CWE-79	6.1
2021-12-23	CVE-2021-3622	A flaw was found in the hivex library. network low complexity redhat fedoraproject	4.3
2021-12-23	CVE-2021-4024	Origin Validation Error vulnerability in multiple products A flaw was found in podman. network low complexity podman-project fedoraproject redhat CWE-346	6.5
2021-12-23	CVE-2021-38009	Information Exposure Through Discrepancy vulnerability in multiple products Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google fedoraproject debian CWE-203	6.5
2021-12-23	CVE-2021-38010	Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. network low complexity google fedoraproject debian	6.5
2021-12-23	CVE-2021-38018	Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. network low complexity google fedoraproject debian	6.5