CVE List - 2022 / January
Showing 1001 - 1100 of 1988 CVEs for January 2022 (Page 11 of 20)
CVE ID | Date | Title |
---|---|---|
CVE-2021-38696 | 2022-01-18 | SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerability,... |
CVE-2021-38697 | 2022-01-18 | SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload,... |
CVE-2021-41551 | 2022-01-18 | Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal... |
CVE-2021-41550 | 2022-01-18 | Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute... |
CVE-2022-0260 | 2022-01-18 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
CVE-2021-44217 | 2022-01-18 | In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS)... |
CVE-2022-23302 | 2022-01-18 | Deserialization of untrusted data in JMSSink in Apache Log4j 1.x |
CVE-2022-23305 | 2022-01-18 | SQL injection in JDBC Appender in Apache Log4j V1 |
CVE-2022-23307 | 2022-01-18 | A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution. |
CVE-2021-4146 | 2022-01-18 | Business Logic Errors in pimcore/pimcore |
CVE-2022-0262 | 2022-01-18 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
CVE-2022-0263 | 2022-01-18 | Unrestricted Upload of File with Dangerous Type in pimcore/pimcore |
CVE-2021-29872 | 2022-01-18 | IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business... |
CVE-2020-14110 | 2022-01-18 | AX3600 router sensitive information leaked. There is an unauthorized interface through... |
CVE-2021-29632 | 2022-01-18 | In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before... |
CVE-2021-4083 | 2022-01-18 | A read-after-free memory flaw was found in the Linux kernel's... |
CVE-2021-37865 | 2022-01-18 | Server-side Denial of Service while processing a specifically crafted GIF file |
CVE-2021-41809 | 2022-01-18 | SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, allows requests from server. |
CVE-2021-41807 | 2022-01-18 | Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0, allows brute-forcing of certain type of user accounts. |
CVE-2021-41808 | 2022-01-18 | In M-Files Server product with versions before 21.11.10775.0, enabling logging of federated authentication would write sensitive information to event logs. |
CVE-2022-0172 | 2022-01-18 | An issue has been discovered in GitLab CE/EE affecting all... |
CVE-2021-39927 | 2022-01-18 | Server side request forgery protections in GitLab CE/EE versions between... |
CVE-2022-0152 | 2022-01-18 | An issue has been discovered in GitLab affecting all versions... |
CVE-2022-0151 | 2022-01-18 | An issue has been discovered in GitLab affecting all versions... |
CVE-2022-0244 | 2022-01-18 | An issue has been discovered in GitLab CE/EE affecting all... |
CVE-2022-0124 | 2022-01-18 | An issue has been discovered affecting GitLab versions prior to... |
CVE-2022-0154 | 2022-01-18 | An issue has been discovered in GitLab affecting all versions... |
CVE-2022-0125 | 2022-01-18 | An issue has been discovered in GitLab affecting all versions... |
CVE-2022-0093 | 2022-01-18 | An issue has been discovered affecting GitLab versions prior to... |
CVE-2022-0090 | 2022-01-18 | An issue has been discovered affecting GitLab versions prior to... |
CVE-2021-39946 | 2022-01-18 | Improper neutralization of user input in GitLab CE/EE versions 14.3... |
CVE-2021-39942 | 2022-01-18 | A denial of service vulnerability in GitLab CE/EE affecting all... |
CVE-2021-39892 | 2022-01-18 | In all versions of GitLab CE/EE since version 12.0, a... |
CVE-2020-14107 | 2022-01-18 | A stack overflow in the HTTP server of Cast can... |
CVE-2021-37866 | 2022-01-18 | Session is not invalidated on server-side when user logged out of Boards |
CVE-2021-37867 | 2022-01-18 | Emails of all users are exposed via one of the Boards APIs |
CVE-2021-37864 | 2022-01-18 | Users can view the contents of an archived channel when access is explicitly denied by the system admin |
CVE-2022-22691 | 2022-01-18 | Umbraco Password Reset URL Poison |
CVE-2022-22690 | 2022-01-18 | Umbraco Remote ApplicationURL Overwrite |
CVE-2022-0236 | 2022-01-18 | WP Import Export (Lite) <= 3.9.15 Unauthenticated Sensitive Data Disclosure |
CVE-2021-43353 | 2022-01-18 | Crisp Live Chat <= 0.31 Cross-Site Request Forgery to Stored Cross-Site Scripting |
CVE-2022-0232 | 2022-01-18 | User Registration, Login & Landing Pages – LeadMagic <= 1.2.7 Admin+ Stored Cross-Site Scripting |
CVE-2021-4074 | 2022-01-18 | WHMCS Bridge <= 6.1 Subscriber+ Stored Cross-Site Scripting |
CVE-2022-0233 | 2022-01-18 | ProfileGrid – User Profiles, Memberships, Groups and Communities <= 4.7.4 Authenticated Stored Cross-Site Scripting |
CVE-2022-0210 | 2022-01-18 | Random Banner <= 4.1.4 Admin+ Stored Cross-Site Scripting |
CVE-2022-0215 | 2022-01-18 | XootiX Plugins <= Various Versions Cross-Site Request Forgery to Arbitrary Options Update |
CVE-2021-29215 | 2022-01-18 | A potential security vulnerability in HPE Ezmeral Data Fabric that... |
CVE-2022-23083 | 2022-01-18 | NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer... |
CVE-2022-21683 | 2022-01-18 | Comment reply notifications sent to incorrect users in wagtail |
CVE-2021-46005 | 2022-01-18 | Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross... |
CVE-2021-46013 | 2022-01-18 | An unrestricted file upload vulnerability exists in Sourcecodester Free school... |
CVE-2021-34401 | 2022-01-18 | NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVGPU_IOCTL_CHANNEL_SET_ERROR_NOTIFIER,... |
CVE-2021-34402 | 2022-01-18 | NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC,... |
CVE-2021-34403 | 2022-01-18 | NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, which... |
CVE-2021-34404 | 2022-01-18 | Android images for T210 provided by NVIDIA contain a vulnerability... |
CVE-2021-34405 | 2022-01-18 | NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEE_Malloc function,... |
CVE-2021-34406 | 2022-01-18 | NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where... |
CVE-2021-44840 | 2022-01-18 | An issue was discovered in Delta RM 1.2. Using an... |
CVE-2021-44838 | 2022-01-18 | An issue was discovered in Delta RM 1.2. Using the... |
CVE-2021-44839 | 2022-01-18 | An issue was discovered in Delta RM 1.2. It is... |
CVE-2021-44836 | 2022-01-18 | An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset... |
CVE-2022-21696 | 2022-01-18 | Username spoofing in OnionShare |
CVE-2022-23408 | 2022-01-18 | wolfSSL 5.x before 5.1.1 uses non-random IV values in certain... |
CVE-2022-21673 | 2022-01-18 | OAuth Identity Token exposure in Grafana |
CVE-2022-21688 | 2022-01-18 | Out-of-bounds Read in Onionshare |
CVE-2022-21695 | 2022-01-18 | Improper Access Control in Onionshare |
CVE-2022-21691 | 2022-01-18 | Improper Access Control in Onionshare |
CVE-2022-21693 | 2022-01-18 | Path traversal in Onionshare |
CVE-2022-21689 | 2022-01-18 | Denial of Service in Onionshare |
CVE-2022-21692 | 2022-01-18 | Improper Access Control in Onionshare |
CVE-2022-21700 | 2022-01-18 | Memory leak in micronaut-core |
CVE-2022-21690 | 2022-01-18 | Cross-Site Scripting in Onionshare |
CVE-2022-21694 | 2022-01-18 | OTF-006: Broken Website Hardening Control: The CSP can be turned on or off but not configured for the specific needs of the website |
CVE-2021-33912 | 2022-01-19 | libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that... |
CVE-2021-33913 | 2022-01-19 | libspf2 before 1.2.11 has a heap-based buffer overflow that might... |
CVE-2022-21704 | 2022-01-19 | Incorrect Default Permissions in log4js-node |
CVE-2022-23221 | 2022-01-19 | H2 Console before 2.1.210 allows remote attackers to execute arbitrary... |
CVE-2022-22152 | 2022-01-19 | Contrail Service Orchestration: Tenants able to see other tenants policies via REST API interface |
CVE-2022-22153 | 2022-01-19 | SRX Series and MX Series with SPC3: A high percentage of fragments might lead to high latency or packet drops |
CVE-2022-22154 | 2022-01-19 | Junos Fusion: A Satellite Device can be controlled by rewiring it to a foreign AD causing a DoS |
CVE-2022-22155 | 2022-01-19 | Junos OS: ACX5448: FPC memory leak due to IPv6 neighbor flaps |
CVE-2022-22156 | 2022-01-19 | Junos OS: Certificate validation is skipped when fetching system scripts from a HTTPS URL |
CVE-2022-22157 | 2022-01-19 | Junos OS: SRX Series: Traffic classification vulnerability when 'no-syn-check' is enabled |
CVE-2022-22159 | 2022-01-19 | Junos OS: An attacker sending crafted packets can cause a traffic and CPU Denial of Service (DoS). |
CVE-2022-22160 | 2022-01-19 | Junos OS: MX Series: The bbe-smgd process crashes if an unsupported configuration exists and a PPPoE client sends a specific message |
CVE-2022-22161 | 2022-01-19 | Junos OS: MX104 might become unresponsive if the out-of-band management port receives a flood of traffic |
CVE-2022-22162 | 2022-01-19 | Junos OS: A low privileged user can elevate their privileges to the ones of the highest privileged j-web user logged in |
CVE-2022-22163 | 2022-01-19 | Junos OS: jdhcpd crashes upon receipt of a specific DHCPv6 packet |
CVE-2022-22164 | 2022-01-19 | Junos OS Evolved: Telnet service may be enabled when it is expected to be disabled. |
CVE-2022-22166 | 2022-01-19 | Junos OS: An rpd core will occur if BGP update tracing is configured and an update containing a malformed BGP SR-TE policy tunnel attribute is received |
CVE-2022-22167 | 2022-01-19 | Junos OS: SRX Series: If no-syn-check is enabled, traffic classified as UNKNOWN gets permitted by pre-id-default-policy |
CVE-2022-22168 | 2022-01-19 | Junos OS: vMX and MX150: Specific packets might cause a memory leak and eventually an FPC reboot |
CVE-2022-22169 | 2022-01-19 | Junos OS and Junos OS Evolved: OSPFv3 session might go into INIT state upon receipt of multiple crafted packets from a trusted neighbor device. |
CVE-2022-22170 | 2022-01-19 | Junos OS: Specific packets over VXLAN cause FPC memory leak and ultimately reset |
CVE-2022-22171 | 2022-01-19 | Junos OS: Specific packets over VXLAN cause FPC reset |
CVE-2022-22172 | 2022-01-19 | Junos OS and Junos OS Evolved: An l2cpd memory leak can occur when specific LLDP packets are received leading to a DoS |
CVE-2022-22173 | 2022-01-19 | Junos OS: CRL failing to download causes a memory leak and ultimately a DoS |
CVE-2022-22174 | 2022-01-19 | Junos OS: QFX5000 Series, EX4600: Device may run out of memory, causing traffic loss, upon receipt of specific IPv6 packets |
CVE-2022-22175 | 2022-01-19 | Junos OS: MX Series and SRX Series: The flowd daemon will crash if the SIP ALG is enabled and specific SIP messages are processed |
CVE-2022-22176 | 2022-01-19 | Junos OS: In a scenario with dhcp-security and option-82 configured jdhcpd crashes upon receipt of a malformed DHCP packet |