Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-23	CVE-2021-4054	Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. network low complexity google fedoraproject debian	6.5
2021-12-23	CVE-2021-4059	Improper Input Validation vulnerability in multiple products Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google fedoraproject debian CWE-20	6.5
2021-12-23	CVE-2021-4068	Improper Encoding or Escaping of Output vulnerability in multiple products Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google fedoraproject debian CWE-116	6.5
2021-12-21	CVE-2021-45293	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet. local low complexity webassembly fedoraproject CWE-119	5.5
2021-11-29	CVE-2021-3802	A vulnerability found in udisks2. local low complexity udisks-project fedoraproject redhat	4.2
2021-11-26	CVE-2021-44225	In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. network low complexity keepalived fedoraproject	5.4
2021-11-23	CVE-2021-37999	Cross-site Scripting vulnerability in multiple products Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. network low complexity google fedoraproject debian CWE-79	6.1
2021-11-23	CVE-2021-38000	Open Redirect vulnerability in multiple products Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. network low complexity google fedoraproject debian CWE-601	6.1
2021-11-23	CVE-2021-3672	Cross-site Scripting vulnerability in multiple products A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. network high complexity c-ares-project fedoraproject redhat siemens nodejs pgbouncer CWE-79	5.6
2021-11-22	CVE-2021-43558	Cross-site Scripting vulnerability in multiple products A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. network low complexity moodle fedoraproject CWE-79	6.1