High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-27	CVE-2022-23181	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. local high complexity apache oracle debian CWE-367	7.0
2022-01-26	CVE-2022-23990	Integer Overflow or Wraparound vulnerability in multiple products Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. network low complexity libexpat-project tenable oracle debian fedoraproject siemens CWE-190	7.5
2022-01-26	CVE-2022-0368	Out-of-bounds Read vulnerability in multiple products Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. local low complexity vim debian apple CWE-125	7.8
2022-01-26	CVE-2021-22600	Double Free vulnerability in multiple products A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. local high complexity linux debian netapp CWE-415	7.0
2022-01-26	CVE-2022-0361	Heap-based Buffer Overflow vulnerability in multiple products Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. local low complexity vim debian apple CWE-122	7.8
2022-01-26	CVE-2022-0359	Heap-based Buffer Overflow vulnerability in multiple products Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. local low complexity vim debian apple CWE-122	7.8
2022-01-25	CVE-2022-0351	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. local low complexity vim debian apple CWE-119	7.8
2022-01-25	CVE-2022-23033	Improper Resource Shutdown or Release vulnerability in multiple products arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. local low complexity xen fedoraproject debian CWE-404	7.8
2022-01-25	CVE-2021-45342	Classic Buffer Overflow vulnerability in multiple products A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. local low complexity librecad fedoraproject debian CWE-120	7.8
2022-01-25	CVE-2021-45844	OS Command Injection vulnerability in multiple products Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. local low complexity freecadweb debian CWE-78	7.8