Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-05	CVE-2021-45452	Path Traversal vulnerability in multiple products Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. network low complexity djangoproject fedoraproject CWE-22	5.3
2022-01-01	CVE-2021-45930	Out-of-bounds Write vulnerability in multiple products Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect). local low complexity qt fedoraproject debian CWE-787	5.5
2022-01-01	CVE-2021-45931	Out-of-bounds Write vulnerability in multiple products HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy). network low complexity harfbuzz-project fedoraproject CWE-787	6.5
2022-01-01	CVE-2021-45942	Out-of-bounds Write vulnerability in multiple products OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). local low complexity openexr fedoraproject debian CWE-787	5.5
2022-01-01	CVE-2021-45943	Out-of-bounds Write vulnerability in multiple products GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). local low complexity osgeo debian fedoraproject oracle CWE-787	5.5
2022-01-01	CVE-2021-45958	Out-of-bounds Write vulnerability in multiple products UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). local low complexity ultrajson-project debian fedoraproject CWE-787	5.5
2021-12-31	CVE-2021-4193	vim is vulnerable to Out-of-bounds Read local low complexity vim fedoraproject debian apple	5.5
2021-12-30	CVE-2021-4183	Out-of-bounds Read vulnerability in multiple products Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file local low complexity wireshark fedoraproject oracle CWE-125	5.5
2021-12-28	CVE-2021-44832	Improper Input Validation vulnerability in multiple products Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. network high complexity apache oracle cisco fedoraproject debian CWE-20	6.6
2021-12-24	CVE-2021-45471	In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. network low complexity mediawiki fedoraproject	5.3