CVE List - 2022 / January
Showing 1301 - 1400 of 1988 CVEs for January 2022 (Page 14 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-46027 | 2022-01-19 | mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will... |
| CVE-2021-46026 | 2022-01-19 | mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management. |
| CVE-2021-46028 | 2022-01-19 | In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will... |
| CVE-2021-45417 | 2022-01-20 | AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. |
| CVE-2021-46322 | 2022-01-20 | Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c. |
| CVE-2022-0277 | 2022-01-20 | Incorrect Permission Assignment for Critical Resource in microweber/microweber |
| CVE-2022-21658 | 2022-01-20 | Race condition in std::fs::remove_dir_all in rustlang |
| CVE-2021-43269 | 2022-01-20 | In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. This... |
| CVE-2022-0278 | 2022-01-20 | Cross-site Scripting (XSS) - Stored in microweber/microweber |
| CVE-2021-45230 | 2022-01-20 | Apache Airflow: Creating DagRuns didn't respect Dag-level permissions in the Webserver |
| CVE-2022-22733 | 2022-01-20 | Access-Token in ElasticJob UI causes password disclosure |
| CVE-2021-3866 | 2022-01-20 | Cross-site Scripting (XSS) - Stored in zulip/zulip |
| CVE-2022-0281 | 2022-01-20 | Exposure of Sensitive Information to an Unauthorized Actor in microweber/microweber |
| CVE-2022-0282 | 2022-01-20 | Cross-site Scripting in microweber/microweber |
| CVE-2021-34600 | 2022-01-20 | Telenot complex: Insecure AES Key Generation |
| CVE-2022-22820 | 2022-01-20 | Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for message recipient by sending specially crafted gif image... |
| CVE-2021-32039 | 2022-01-20 | MongoDB Extension for VS Code may unexpectedly store credentials locally in clear text |
| CVE-2022-0285 | 2022-01-20 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2021-44738 | 2022-01-20 | Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter. |
| CVE-2021-44737 | 2022-01-20 | PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files. |
| CVE-2021-44735 | 2022-01-20 | Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. |
| CVE-2021-44736 | 2022-01-20 | The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature. |
| CVE-2021-44734 | 2022-01-20 | Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device. |
| CVE-2021-44829 | 2022-01-20 | Cross Site Scripting (XSS) vulnerability exists in index.html in AFI WebACMS through 2.1.0 via the the ID parameter. |
| CVE-2022-0219 | 2022-01-20 | Improper Restriction of XML External Entity Reference in skylot/jadx |
| CVE-2021-44091 | 2022-01-20 | A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Multi Restaurant Table Reservation System 1.0 in register.php via the (1) fullname, (2) phone, and (3) address parameters. |
| CVE-2021-44092 | 2022-01-20 | An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username parameter in the administer login form. |
| CVE-2022-23119 | 2022-01-20 | A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files... |
| CVE-2022-23120 | 2022-01-20 | A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and... |
| CVE-2021-44244 | 2022-01-20 | An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php. |
| CVE-2021-44245 | 2022-01-20 | An SQL Injection vulnerability exists in Courcecodester COVID 19 Testing Management System (CTMS) 1.0 via the (1) username and (2) contactno parameters. |
| CVE-2021-44090 | 2022-01-20 | An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter. |
| CVE-2021-46061 | 2022-01-20 | An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app. |
| CVE-2021-29785 | 2022-01-20 | IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this... |
| CVE-2021-46323 | 2022-01-20 | Espruino 2v11.251 was discovered to contain a SEGV vulnerability via src/jsinteractive.c in jsiGetDeviceFromClass. |
| CVE-2021-46324 | 2022-01-20 | Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. |
| CVE-2021-46325 | 2022-01-20 | Espruino 2v10.246 was discovered to contain a stack buffer overflow via src/jsutils.c in vcbprintf. |
| CVE-2021-46326 | 2022-01-20 | Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via the component __asan_memcpy. |
| CVE-2021-46327 | 2022-01-20 | Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsArray.c in fx_Array_prototype_sort. |
| CVE-2021-46328 | 2022-01-20 | Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via the component __libc_start_main. |
| CVE-2021-46329 | 2022-01-20 | Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via the component _fini. |
| CVE-2021-46330 | 2022-01-20 | Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsDataView.c in fx_ArrayBuffer_prototype_concat. |
| CVE-2021-46331 | 2022-01-20 | Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsProxy.c in fxProxyGetPrototype. |
| CVE-2021-46332 | 2022-01-20 | Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via xs/sources/xsDataView.c in fxUint8Getter. |
| CVE-2021-46333 | 2022-01-20 | Moddable SDK v11.5.0 was discovered to contain an invalid memory access vulnerability via the component __asan_memmove. |
| CVE-2021-46335 | 2022-01-20 | Moddable SDK v11.5.0 was discovered to contain a NULL pointer dereference in the component fx_Function_prototype_hasInstance. |
| CVE-2021-46336 | 2022-01-20 | There is an Assertion 'opts & PARSER_CLASS_LITERAL_CTOR_PRESENT' failed at /parser/js/js-parser-expr.c(parser_parse_class_body) in JerryScript 3.0.0. |
| CVE-2021-46334 | 2022-01-20 | Moddable SDK v11.5.0 was discovered to contain a stack buffer overflow via the component __interceptor_strcat. |
| CVE-2021-46337 | 2022-01-20 | There is an Assertion 'page_p != NULL' failed at /parser/js/js-parser-mem.c(parser_list_get) in JerryScript 3.0.0. |
| CVE-2021-46338 | 2022-01-20 | There is an Assertion 'ecma_is_lexical_environment (object_p)' failed at /base/ecma-helpers.c(ecma_get_lex_env_type) in JerryScript 3.0.0. |
| CVE-2021-46339 | 2022-01-20 | There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_size)' failed at /base/ecma-helpers-string.c(ecma_new_ecma_string_from_utf8) in JerryScript 3.0.0. |
| CVE-2021-46340 | 2022-01-20 | There is an Assertion 'context_p->stack_top_uint8 == SCAN_STACK_TRY_STATEMENT || context_p->stack_top_uint8 == SCAN_STACK_CATCH_STATEMENT' failed at /parser/js/js-scanner.c(scanner_scan_statement_end) in JerryScript 3.0.0. |
| CVE-2021-46342 | 2022-01-20 | There is an Assertion 'ecma_is_lexical_environment (obj_p) || !ecma_op_object_is_fast_array (obj_p)' failed at /jerry-core/ecma/base/ecma-helpers.c in JerryScript 3.0.0. |
| CVE-2021-46343 | 2022-01-20 | There is an Assertion 'context_p->token.type == LEXER_LITERAL' failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0. |
| CVE-2021-46344 | 2022-01-20 | There is an Assertion 'flags & PARSER_PATTERN_HAS_REST_ELEMENT' failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0. |
| CVE-2021-46345 | 2022-01-20 | There is an Assertion 'cesu8_cursor_p == cesu8_end_p' failed at /jerry-core/lit/lit-strings.c in JerryScript 3.0.0. |
| CVE-2021-46346 | 2022-01-20 | There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustment (date_value)' failed at /jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c(ecma_builtin_date_prototype_dispatch_set):421 in JerryScript 3.0.0. |
| CVE-2021-46347 | 2022-01-20 | There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0. |
| CVE-2021-46348 | 2022-01-20 | There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' failed at /jerry-core/ecma/base/ecma-literal-storage.c in JerryScript 3.0.0. |
| CVE-2021-46349 | 2022-01-20 | There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECMA_OBJECT_TYPE_PROXY' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0. |
| CVE-2021-46350 | 2022-01-20 | There is an Assertion 'ecma_is_value_object (value)' failed at jerryscript/jerry-core/ecma/base/ecma-helpers-value.c in JerryScript 3.0.0. |
| CVE-2021-46351 | 2022-01-20 | There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustment (date_value)' failed at /jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c(ecma_builtin_date_prototype_dispatch_set):421 in JerryScript 3.0.0. |
| CVE-2020-23315 | 2022-01-20 | There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta. |
| CVE-2022-22888 | 2022-01-20 | Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/operations/ecma-objects.c. |
| CVE-2022-22890 | 2022-01-20 | There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT && arguments_type != SCANNER_ARGUMENTS_PRESENT_NO_REG' failed at /jerry-core/parser/js/js-scanner-util.c in Jerryscript 3.0.0. |
| CVE-2022-22891 | 2022-01-20 | Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via ecma_ref_object_inline in /jerry-core/ecma/base/ecma-gc.c. |
| CVE-2022-22892 | 2022-01-20 | There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_is_value_object (value)' failed at jerry-core/ecma/base/ecma-helpers-value.c... |
| CVE-2022-22893 | 2022-01-20 | Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core/vm/vm.c. |
| CVE-2022-22894 | 2022-01-20 | Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/ecma/base/ecma-lcache.c. |
| CVE-2022-22895 | 2022-01-20 | Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecma/base/ecma-helpers-conversion.c. |
| CVE-2022-22928 | 2022-01-20 | MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code. |
| CVE-2022-22929 | 2022-01-20 | MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file. |
| CVE-2022-23314 | 2022-01-20 | MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. |
| CVE-2022-23315 | 2022-01-20 | MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. |
| CVE-2022-22930 | 2022-01-20 | A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload. |
| CVE-2021-4001 | 2022-01-21 | A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a... |
| CVE-2022-0318 | 2022-01-21 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-0319 | 2022-01-21 | Out-of-bounds Read in vim/vim |
| CVE-2022-23220 | 2022-01-21 | USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the... |
| CVE-2022-23837 | 2022-01-21 | In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web... |
| CVE-2022-0326 | 2022-01-21 | NULL Pointer Dereference in mruby/mruby |
| CVE-2022-21933 | 2022-01-21 | ASUS VivoMini/Mini PC - improper input validation |
| CVE-2020-19858 | 2022-01-21 | Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. The attack could remote attack victim by sending http://ip:port/../privacy.avi URL to compromise a victim's privacy. |
| CVE-2020-19860 | 2022-01-21 | When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a... |
| CVE-2020-19861 | 2022-01-21 | When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the... |
| CVE-2021-46198 | 2022-01-21 | An SQL Injection vulnerability exists in Sourceodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app. |
| CVE-2021-40855 | 2022-01-21 | The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key certificate could have been used in production. |
| CVE-2021-46200 | 2022-01-21 | An SQL Injection vulnerability exists in Sourcecodester Simple Music Clour Community System 1.0 via the email parameter in /music/ajax.php. |
| CVE-2021-35003 | 2022-01-21 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The... |
| CVE-2021-35004 | 2022-01-21 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not required to exploit this vulnerability.... |
| CVE-2021-46201 | 2022-01-21 | An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameterv in /orms/ node. |
| CVE-2021-46307 | 2022-01-21 | An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php. |
| CVE-2021-46308 | 2022-01-21 | An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation Sysytem 1.0 via the sid parameter. |
| CVE-2021-46309 | 2022-01-21 | An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter. |
| CVE-2020-4875 | 2022-01-21 | IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose... |
| CVE-2020-4876 | 2022-01-21 | IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose... |
| CVE-2020-4877 | 2022-01-21 | IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843. |
| CVE-2020-4879 | 2022-01-21 | IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847. |
| CVE-2021-4016 | 2022-01-21 | Rapid7 Insight Agent Improper Access Control |
| CVE-2022-0323 | 2022-01-21 | Improper Neutralization of Special Elements Used in a Template Engine in bobthecow/mustache.php |