CVE List - 2022 / January
Showing 1 - 100 of 1988 CVEs for January 2022 (Page 1 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-44716 | 2022-01-01 | net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. |
| CVE-2021-44717 | 2022-01-01 | Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0... |
| CVE-2021-41819 | 2022-01-01 | CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. |
| CVE-2021-43333 | 2022-01-01 | The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for configuration changes or disclosure of configuration settings. |
| CVE-2021-44852 | 2022-01-01 | An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary... |
| CVE-2021-45960 | 2022-01-01 | In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes,... |
| CVE-2021-45972 | 2022-01-01 | The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to... |
| CVE-2021-44896 | 2022-01-01 | DMP Roadmap before 3.0.4 allows XSS. |
| CVE-2022-22293 | 2022-01-01 | admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. |
| CVE-2021-36751 | 2022-01-02 | ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to data manipulation (without knowledge of the key). This is called ciphertext malleability. There is... |
| CVE-2022-0080 | 2022-01-02 | Heap-based Buffer Overflow in mruby/mruby |
| CVE-2022-0079 | 2022-01-03 | Generation of Error Message Containing Sensitive Information in star7th/showdoc |
| CVE-2021-25981 | 2022-01-03 | Talkyard - Insufficient Session Expiration |
| CVE-2021-25994 | 2022-01-03 | Userfrosting - Host-Header Injection Leads to Account Takeover |
| CVE-2020-11263 | 2022-01-03 | An integer overflow due to improper check performed after the address and size passed are aligned in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon... |
| CVE-2021-1894 | 2022-01-03 | Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice... |
| CVE-2021-1918 | 2022-01-03 | Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-30262 | 2022-01-03 | Improper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer... |
| CVE-2021-30267 | 2022-01-03 | Possible integer overflow to buffer overflow due to improper input validation in FTM ARA commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-30268 | 2022-01-03 | Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2021-30269 | 2022-01-03 | Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2021-30270 | 2022-01-03 | Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2021-30271 | 2022-01-03 | Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer... |
| CVE-2021-30272 | 2022-01-03 | Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon... |
| CVE-2021-30273 | 2022-01-03 | Possible assertion due to improper handling of IPV6 packet with invalid length in destination options header in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables |
| CVE-2021-30274 | 2022-01-03 | Possible integer overflow in access control initialization interface due to lack of size and address validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2021-30275 | 2022-01-03 | Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2021-30276 | 2022-01-03 | Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wired... |
| CVE-2021-30278 | 2022-01-03 | Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music,... |
| CVE-2021-30279 | 2022-01-03 | Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired... |
| CVE-2021-30282 | 2022-01-03 | Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2021-30283 | 2022-01-03 | Possible denial of service due to improper handling of debug register trap from user applications in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-30289 | 2022-01-03 | Possible buffer overflow due to lack of range check while processing a DIAG command for COEX management in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2021-30293 | 2022-01-03 | Possible assertion due to lack of input validation in PUSCH configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT |
| CVE-2021-30298 | 2022-01-03 | Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface in Snapdragon Auto, Snapdragon Consumer IOT,... |
| CVE-2021-30303 | 2022-01-03 | Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,... |
| CVE-2021-30335 | 2022-01-03 | Possible assertion in QOS request due to improper validation when multiple add or update requests are received simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2021-30336 | 2022-01-03 | Possible out of bound read due to lack of domain input validation while processing APK close session request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Wearables |
| CVE-2021-30337 | 2022-01-03 | Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2021-30348 | 2022-01-03 | Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2021-30351 | 2022-01-03 | An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer... |
| CVE-2021-35093 | 2022-01-03 | Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service in BlueCore |
| CVE-2021-44158 | 2022-01-03 | ASUS RT-AX56U Router - Stack-based buffer overflow |
| CVE-2021-45916 | 2022-01-03 | SUN & MOON RISE CO., LTD. Shockwall - Improper Input Validation |
| CVE-2021-45917 | 2022-01-03 | SUN & MOON RISE CO., LTD. Shockwall - Improper Authentication |
| CVE-2021-44674 | 2022-01-03 | An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read files outside of the restricted directory. |
| CVE-2021-24680 | 2022-01-03 | WP Travel Engine < 5.3.1 - Editor+ Stored Cross-Site Scripting |
| CVE-2021-24786 | 2022-01-03 | Download Monitor < 4.4.5 - Admin+ SQL Injection |
| CVE-2021-24828 | 2022-01-03 | Mortgage Calculator / Loan Calculator < 1.5.17 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24831 | 2022-01-03 | Tab - Accordion, FAQ < 1.3.2 - Unauthenticated AJAX Calls |
| CVE-2021-24893 | 2022-01-03 | Stars Rating < 3.5.1 - Comments Denial of Service |
| CVE-2021-24963 | 2022-01-03 | LiteSpeed Cache < 4.4.4 - Admin+ Reflected Cross-Site Scripting |
| CVE-2021-24964 | 2022-01-03 | LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS |
| CVE-2021-24973 | 2022-01-03 | Site Reviews < 5.17.3 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2021-24991 | 2022-01-03 | WooCommerce PDF Invoices & Packing Slips < 2.10.5 - Reflected Cross-Site Scripting |
| CVE-2021-24999 | 2022-01-03 | Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in PDF Invoicing Module |
| CVE-2021-25000 | 2022-01-03 | Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in General Module |
| CVE-2021-25001 | 2022-01-03 | Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in Product XML Feeds Module |
| CVE-2021-25016 | 2022-01-03 | Chaty < 2.8.3 - Reflected Cross-Site Scripting |
| CVE-2021-25020 | 2022-01-03 | CAOS < 4.1.9 - Admin+ Arbitrary Folder Deletion via Path Traversal |
| CVE-2021-25021 | 2022-01-03 | OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal |
| CVE-2021-25023 | 2022-01-03 | Speed Booster Pack < 4.3.3.1 - Admin+ SQL Injection |
| CVE-2021-25022 | 2022-01-03 | UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting |
| CVE-2021-25027 | 2022-01-03 | PowerPack Addons for Elementor < 2.6.2 - Reflected Cross-Site Scripting |
| CVE-2021-25030 | 2022-01-03 | Events Made Easy < 2.2.36 - Subscriber+ SQL Injection |
| CVE-2021-25040 | 2022-01-03 | Booking Calendar < 8.9.2 - Reflected Cross-Site Scripting |
| CVE-2021-45428 | 2022-01-03 | TLR-2005KSH is affected by an incorrect access control vulnerability. The PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats. |
| CVE-2021-46109 | 2022-01-03 | Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.380.10931, which can lead to a user session hijack. |
| CVE-2021-3837 | 2022-01-03 | Improper Authorization in openwhyd/openwhyd |
| CVE-2020-23026 | 2022-01-03 | A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS). |
| CVE-2021-20147 | 2022-01-03 | ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain... |
| CVE-2021-20148 | 2022-01-03 | ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP... |
| CVE-2021-37120 | 2022-01-03 | There is a Double free vulnerability in Smartphone. Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation. |
| CVE-2021-37121 | 2022-01-03 | There is a Configuration defects in Smartphone. Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission. |
| CVE-2021-37098 | 2022-01-03 | Hilinksvc service has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause application crash. |
| CVE-2021-37116 | 2022-01-03 | PCManager has a Weaknesses Introduced During Design vulnerability. Successful exploitation of this vulnerability may cause that the PIN of the subscriber is changed. |
| CVE-2021-37125 | 2022-01-03 | Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause confidentiality is affected. |
| CVE-2021-37126 | 2022-01-03 | Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause the directory is traversed. |
| CVE-2021-37128 | 2022-01-03 | HwPCAssistant has a Path Traversal vulnerability. Successful exploitation of this vulnerability may write any file. |
| CVE-2021-37132 | 2022-01-03 | PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability. Successful exploitation of this vulnerability may cause that Third-party apps can obtain the complete list of Harmony apps without permission. |
| CVE-2021-37134 | 2022-01-03 | Location-related APIs have a Race Condition vulnerability. Successful exploitation of this vulnerability may use Higher Permissions for invoking the interface of location-related components. |
| CVE-2021-39968 | 2022-01-03 | Changlian Blocklist has a Business Logic Errors vulnerability. Successful exploitation of this vulnerability may expand the attack surface of the message class. |
| CVE-2021-39970 | 2022-01-03 | HwPCAssistant has an Improper Input Validation vulnerability. Successful exploitation of this vulnerability may create any file with the system app permission. |
| CVE-2021-39971 | 2022-01-03 | Password vault has an External Control of System or Configuration Setting vulnerability. Successful exploitation of this vulnerability could compromise confidentiality. |
| CVE-2021-39972 | 2022-01-03 | MyHuawei-App has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability could compromise confidentiality. |
| CVE-2021-39975 | 2022-01-03 | Hilinksvc has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause denial of service attacks. |
| CVE-2021-39978 | 2022-01-03 | Telephony application has a SQL Injection vulnerability. Successful exploitation of this vulnerability may cause privacy and security issues. |
| CVE-2021-39979 | 2022-01-03 | HHEE system has a Code Injection vulnerability. Successful exploitation of this vulnerability may affect HHEE system integrity. |
| CVE-2021-39980 | 2022-01-03 | Telephony application has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability could lead to sensitive information disclosure. |
| CVE-2021-39981 | 2022-01-03 | Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling number. Successful exploitation of this vulnerability allows you to make an anonymous call. |
| CVE-2021-39982 | 2022-01-03 | Phone Manager application has an Improper Privilege Management vulnerability. Successful exploitation of this vulnerability may read and write arbitrary files by tampering with Phone Manager notifications. |
| CVE-2021-37111 | 2022-01-03 | There is a Memory leakage vulnerability in Smartphone. Successful exploitation of this vulnerability may cause memory exhaustion. |
| CVE-2021-37113 | 2022-01-03 | There is a Privilege escalation vulnerability with the file system component in Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-37114 | 2022-01-03 | There is an Out-of-bounds read vulnerability in Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-37117 | 2022-01-03 | There is a Service logic vulnerability in Smartphone. Successful exploitation of this vulnerability may cause WLAN DoS. |
| CVE-2021-37119 | 2022-01-03 | There is a Service logic vulnerability in Smartphone. Successful exploitation of this vulnerability may cause WLAN DoS. |
| CVE-2021-37112 | 2022-01-03 | Hisuite module has an External Control of System or Configuration Setting vulnerability. Successful exploitation of this vulnerability may lead to Firmware leak. |
| CVE-2021-37118 | 2022-01-03 | The HwNearbyMain module has an Improper Handling of Exceptional Conditions vulnerability. Successful exploitation of this vulnerability may lead to message leak. |
| CVE-2021-39977 | 2022-01-03 | The HwNearbyMain module has a NULL Pointer Dereference vulnerability. Successful exploitation of this vulnerability may cause a process to restart. |
| CVE-2021-39983 | 2022-01-03 | The HwNearbyMain module has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause a process to restart. |