Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-27	CVE-2021-28699	inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. local low complexity xen fedoraproject debian	5.5
2021-08-27	CVE-2021-28700	Allocation of Resources Without Limits or Throttling vulnerability in multiple products xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. network low complexity xen fedoraproject debian CWE-770	4.9
2021-08-26	CVE-2021-30594	Use After Free vulnerability in multiple products Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. low complexity google fedoraproject CWE-416	6.8
2021-08-26	CVE-2021-30596	Origin Validation Error vulnerability in multiple products Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. network low complexity google fedoraproject CWE-346	4.3
2021-08-26	CVE-2021-30597	Use After Free vulnerability in multiple products Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. low complexity google fedoraproject CWE-416	6.8
2021-08-24	CVE-2021-30887	A logic issue was addressed with improved restrictions. network low complexity apple fedoraproject debian	6.5
2021-08-24	CVE-2021-30890	Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. network low complexity apple fedoraproject debian CWE-79	6.1
2021-08-23	CVE-2021-39140	XStream is a simple library to serialize objects to XML and back again. network high complexity xstream-project debian fedoraproject netapp oracle	6.3
2021-08-23	CVE-2021-37750	NULL Pointer Dereference vulnerability in multiple products The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. network low complexity mit fedoraproject debian starwindsoftware oracle CWE-476	6.5
2021-08-22	CVE-2021-39358	Improper Certificate Validation vulnerability in multiple products In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. network high complexity gnome fedoraproject CWE-295	5.9