Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-31	CVE-2022-24130	Classic Buffer Overflow vulnerability in multiple products xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. local low complexity invisible-island debian fedoraproject CWE-120	5.5
2022-01-28	CVE-2021-4160	There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. network high complexity openssl debian oracle siemens	5.9
2022-01-26	CVE-2021-22570	NULL Pointer Dereference vulnerability in multiple products Nullptr dereference when a null char is present in a proto symbol. local low complexity google debian fedoraproject oracle netapp CWE-476	5.5
2022-01-25	CVE-2022-23034	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. local low complexity xen fedoraproject debian CWE-191	5.5
2022-01-25	CVE-2022-23035	Incomplete Cleanup vulnerability in multiple products Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. low complexity xen fedoraproject debian CWE-459	4.6
2022-01-25	CVE-2021-45343	NULL Pointer Dereference vulnerability in multiple products In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document. local low complexity librecad fedoraproject debian CWE-476	5.5
2022-01-21	CVE-2022-0319	Out-of-bounds Read in vim/vim prior to 8.2. local low complexity vim debian apple	5.5
2022-01-19	CVE-2022-21704	log4js-node is a port of log4js to node.js. local low complexity log4js-project debian	5.5
2022-01-19	CVE-2021-23225	Cross-site Scripting vulnerability in multiple products Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php. network low complexity cacti debian CWE-79	5.4
2022-01-16	CVE-2022-0235	node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor network low complexity node-fetch-project siemens debian	6.1