Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-11-23	CVE-2021-37999	Cross-site Scripting vulnerability in multiple products Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. network low complexity google fedoraproject debian CWE-79	6.1
2021-11-23	CVE-2021-38000	Open Redirect vulnerability in multiple products Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. network low complexity google fedoraproject debian CWE-601	6.1
2021-11-23	CVE-2021-3672	Cross-site Scripting vulnerability in multiple products A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. network high complexity c-ares-project fedoraproject redhat siemens nodejs pgbouncer CWE-79	5.6
2021-11-22	CVE-2021-43558	Cross-site Scripting vulnerability in multiple products A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. network low complexity moodle fedoraproject CWE-79	6.1
2021-11-22	CVE-2021-43560	Exposure of Resource to Wrong Sphere vulnerability in multiple products A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. network low complexity moodle fedoraproject CWE-668	5.3
2021-11-19	CVE-2021-44025	Cross-site Scripting vulnerability in multiple products Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message. network low complexity roundcube fedoraproject debian CWE-79	6.1
2021-11-18	CVE-2021-27025	A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. network low complexity puppet fedoraproject	6.5
2021-11-17	CVE-2021-41190	The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. network low complexity linuxfoundation fedoraproject	5.0
2021-11-17	CVE-2021-41164	CKEditor4 is an open source WYSIWYG HTML editor. network low complexity ckeditor drupal oracle fedoraproject	5.4
2021-11-17	CVE-2021-43975	Out-of-bounds Write vulnerability in multiple products In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. local low complexity linux fedoraproject debian netapp CWE-787	6.7