Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-20	CVE-2021-42762	BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. local low complexity webkitgtk wpewebkit fedoraproject debian	5.3
2021-10-20	CVE-2021-35604	Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). network low complexity oracle netapp fedoraproject mariadb	5.5
2021-10-20	CVE-2021-42739	Out-of-bounds Write vulnerability in multiple products The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. local low complexity linux fedoraproject debian starwindsoftware oracle CWE-787	6.7
2021-10-19	CVE-2021-3746	A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. network low complexity libtpms-project fedoraproject redhat	6.5
2021-10-15	CVE-2021-3875	vim is vulnerable to Heap-based Buffer Overflow local low complexity vim fedoraproject	5.5
2021-10-11	CVE-2021-41798	Cross-site Scripting vulnerability in multiple products MediaWiki before 1.36.2 allows XSS. network low complexity mediawiki fedoraproject CWE-79	6.1
2021-10-11	CVE-2021-41800	Allocation of Resources Without Limits or Throttling vulnerability in multiple products MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). network low complexity mediawiki fedoraproject CWE-770	5.3
2021-10-08	CVE-2021-37958	Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. network low complexity google fedoraproject debian	5.4
2021-10-08	CVE-2021-37963	Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. network low complexity google fedoraproject debian	4.3
2021-10-08	CVE-2021-37965	Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google fedoraproject debian	4.3