Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-01	CVE-2021-45943	Out-of-bounds Write vulnerability in multiple products GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). local low complexity osgeo debian fedoraproject oracle CWE-787	5.5
2022-01-01	CVE-2021-45958	Out-of-bounds Write vulnerability in multiple products UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). local low complexity ultrajson-project debian fedoraproject CWE-787	5.5
2021-12-31	CVE-2021-4193	Out-of-bounds Read vulnerability in multiple products vim is vulnerable to Out-of-bounds Read local low complexity vim fedoraproject debian apple CWE-125	5.5
2021-12-30	CVE-2021-4183	Out-of-bounds Read vulnerability in multiple products Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file local low complexity wireshark fedoraproject oracle CWE-125	5.5
2021-12-28	CVE-2021-44832	Improper Input Validation vulnerability in multiple products Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. network high complexity apache oracle cisco fedoraproject debian CWE-20	6.6
2021-12-24	CVE-2021-45471	In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. network low complexity mediawiki fedoraproject	5.3
2021-12-24	CVE-2021-45472	Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used. network low complexity mediawiki fedoraproject CWE-79	6.1
2021-12-24	CVE-2021-45473	Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar). network low complexity mediawiki fedoraproject CWE-79	6.1
2021-12-24	CVE-2021-45474	Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. network low complexity mediawiki fedoraproject CWE-79	6.1
2021-12-23	CVE-2021-3622	Resource Exhaustion vulnerability in multiple products A flaw was found in the hivex library. network low complexity redhat fedoraproject CWE-400	4.3