Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-24	CVE-2021-45472	Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used. network low complexity mediawiki fedoraproject CWE-79	6.1
2021-12-24	CVE-2021-45473	Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar). network low complexity mediawiki fedoraproject CWE-79	6.1
2021-12-24	CVE-2021-45474	Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. network low complexity mediawiki fedoraproject CWE-79	6.1
2021-12-23	CVE-2021-3622	A flaw was found in the hivex library. network low complexity redhat fedoraproject	4.3
2021-12-23	CVE-2021-4024	Origin Validation Error vulnerability in multiple products A flaw was found in podman. network low complexity podman-project fedoraproject redhat CWE-346	6.5
2021-12-23	CVE-2021-38009	Information Exposure Through Discrepancy vulnerability in multiple products Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google fedoraproject debian CWE-203	6.5
2021-12-23	CVE-2021-38010	Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. network low complexity google fedoraproject debian	6.5
2021-12-23	CVE-2021-38018	Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. network low complexity google fedoraproject debian	6.5
2021-12-23	CVE-2021-38019	Always-Incorrect Control Flow Implementation vulnerability in multiple products Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google fedoraproject debian CWE-670	6.5
2021-12-23	CVE-2021-38020	Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. network low complexity google fedoraproject debian	4.3