CVE List - 2022 / January
Showing 1401 - 1500 of 1988 CVEs for January 2022 (Page 15 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-44593 | 2022-01-21 | Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php. |
| CVE-2021-4032 | 2022-01-21 | A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due... |
| CVE-2022-23130 | 2022-01-21 | Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an... |
| CVE-2022-23728 | 2022-01-21 | Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011. |
| CVE-2022-23129 | 2022-01-21 | Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain... |
| CVE-2022-23127 | 2022-01-21 | Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of... |
| CVE-2022-23128 | 2022-01-21 | Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97,... |
| CVE-2021-40694 | 2022-01-21 | Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. |
| CVE-2021-23236 | 2022-01-21 | Fresenius Kabi Agilia Connect Infusion System uncontrolled resource consumption |
| CVE-2021-23196 | 2022-01-21 | Fresenius Kabi Agilia Connect Infusion System insufficiently protected credentials |
| CVE-2021-23233 | 2022-01-21 | Fresenius Kabi Agilia Connect Infusion System |
| CVE-2021-33846 | 2022-01-21 | Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algorithm |
| CVE-2021-23195 | 2022-01-21 | Fresenius Kabi Agilia Connect Infusion System exposure of information through directory listing |
| CVE-2021-23207 | 2022-01-21 | Fresenius Kabi Agilia Connect Infusion System plaintext storage of a password |
| CVE-2021-31562 | 2022-01-21 | Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algorithm |
| CVE-2021-33843 | 2022-01-21 | Fresenius Kabi Agilia Connect Infusion System files or directories accessible to external parties |
| CVE-2021-44464 | 2022-01-21 | Fresenius Kabi Agilia Connect Infusion System hard coded credentials |
| CVE-2021-33848 | 2022-01-21 | Fresenius Kabi Agilia Connect Infusion System cross site scripting |
| CVE-2021-41835 | 2022-01-21 | Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algorithm |
| CVE-2021-43355 | 2022-01-21 | Fresenius Kabi Agilia Connect Infusion System use of client side authentication |
| CVE-2021-40692 | 2022-01-21 | Insufficient capability checks made it possible for teachers to download users outside of their courses. |
| CVE-2021-40693 | 2022-01-21 | An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability. |
| CVE-2021-40695 | 2022-01-21 | It was possible for a student to view their quiz grade before it had been released, using a quiz web service. |
| CVE-2021-40691 | 2022-01-21 | A session hijack risk was identified in the Shibboleth authentication plugin. |
| CVE-2021-33966 | 2022-01-21 | Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page. |
| CVE-2021-40247 | 2022-01-21 | SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field. |
| CVE-2021-40595 | 2022-01-21 | SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php. |
| CVE-2021-23664 | 2022-01-21 | Server-side Request Forgery (SSRF) |
| CVE-2021-23460 | 2022-01-21 | Prototype Pollution |
| CVE-2021-23631 | 2022-01-21 | Directory Traversal |
| CVE-2021-23518 | 2022-01-21 | Prototype Pollution |
| CVE-2021-36338 | 2022-01-21 | Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do... |
| CVE-2021-36339 | 2022-01-21 | The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance. |
| CVE-2022-22551 | 2022-01-21 | DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session. |
| CVE-2022-22552 | 2022-01-21 | Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing... |
| CVE-2022-22553 | 2022-01-21 | Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially... |
| CVE-2021-46234 | 2022-01-21 | A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46236 | 2022-01-21 | A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46237 | 2022-01-21 | An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46238 | 2022-01-21 | GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c. This vulnerability can lead to a program crash, causing a Denial of Service (DoS). |
| CVE-2021-46239 | 2022-01-21 | The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils/alloc.c. This vulnerability can lead to a Denial of Service... |
| CVE-2021-46240 | 2022-01-21 | A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46242 | 2022-01-21 | HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry. |
| CVE-2021-46243 | 2022-01-21 | An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46244 | 2022-01-21 | A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS). |
| CVE-2021-46311 | 2022-01-21 | A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46313 | 2022-01-21 | The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-39480 | 2022-01-21 | Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS). |
| CVE-2022-23363 | 2022-01-21 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php. |
| CVE-2022-23364 | 2022-01-21 | HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php. |
| CVE-2022-23365 | 2022-01-21 | HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php. |
| CVE-2022-23366 | 2022-01-21 | HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php. |
| CVE-2022-21707 | 2022-01-21 | Incorrect Authorization in wasmCloud |
| CVE-2022-21708 | 2022-01-21 | Denial of Service in graphql-go |
| CVE-2022-23807 | 2022-01-22 | An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication... |
| CVE-2022-23808 | 2022-01-22 | An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection. |
| CVE-2021-4172 | 2022-01-22 | Cross-site Scripting (XSS) - Stored in star7th/showdoc |
| CVE-2021-4103 | 2022-01-23 | Cross-site Scripting (XSS) - Stored in vanessa219/vditor |
| CVE-2022-23850 | 2022-01-23 | xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buffer overflow via a crafted EPUB document. |
| CVE-2021-45380 | 2022-01-23 | AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_head.php |
| CVE-2021-46024 | 2022-01-23 | Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php, No login is required. |
| CVE-2021-39293 | 2022-01-24 | In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this... |
| CVE-2022-23437 | 2022-01-24 | Infinite loop within Apache XercesJ xml parser |
| CVE-2021-26706 | 2022-01-24 | An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x and 1.39.00. The following memory allocation functions do not check for integer overflow when allocating a pool whose size... |
| CVE-2021-30636 | 2022-01-24 | In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc. |
| CVE-2022-23852 | 2022-01-24 | Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. |
| CVE-2022-23856 | 2022-01-24 | An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI. |
| CVE-2022-23855 | 2022-01-24 | An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An authentication bypass in ECM/maintenance/forgotpasswordstep1 allows an unauthenticated user to reset passwords and login as any local account. |
| CVE-2022-23857 | 2022-01-24 | model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including... |
| CVE-2022-23858 | 2022-01-24 | A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind... |
| CVE-2021-24423 | 2022-01-24 | UpdraftPlus < 1.16.59 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24694 | 2022-01-24 | Simple Download Monitor < 3.9.11 - Contributor+ Stored Cross-Site Scripting via Shortcodes |
| CVE-2021-24696 | 2022-01-24 | Simple Download Monitor < 3.9.9 - Multiple CSRF |
| CVE-2021-24733 | 2022-01-24 | WP Post Page Clone < 1.2 - Unauthorised Post Access |
| CVE-2021-24858 | 2022-01-24 | WP Cookie User Info < 1.0.9 - Admin+ SQL Injection |
| CVE-2021-24865 | 2022-01-24 | Advanced Custom Fields: Extended < 0.8.8.7 - Admin+ SQL Injection |
| CVE-2021-24906 | 2022-01-24 | Protect WP Admin < 3.6.2 - Unauthenticated Plugin Deactivation |
| CVE-2021-24923 | 2022-01-24 | Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS |
| CVE-2021-24936 | 2022-01-24 | WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24965 | 2022-01-24 | Five Star Restaurant Reservations < 2.4.8 - Subscriber+ Stored Cross-Site Scripting |
| CVE-2021-24968 | 2022-01-24 | Ultimate FAQ < 2.1.2 - Subscriber+ Arbitrary FAQ Creation |
| CVE-2021-24974 | 2022-01-24 | Product Feed PRO for WooCommerce < 11.0.7 - Subscriber+ Settings Update to Stored XSS |
| CVE-2021-24976 | 2022-01-24 | Smart SEO Tool < 3.0.6 - Reflected Cross-Site Scripting |
| CVE-2021-24985 | 2022-01-24 | Easy Forms for Mailchimp < 6.8.6 - Reflected Cross-Site Scripting |
| CVE-2021-24989 | 2022-01-24 | Accept Donations with PayPal < 1.3.4 - Arbitrary Post Deletion via CSRF |
| CVE-2021-25008 | 2022-01-24 | Code Snippets < 2.14.3 - Reflected Cross-Site Scripting |
| CVE-2021-25013 | 2022-01-24 | Qubely < 1.7.8 - Subscriber+ Arbitrary Post Deletion |
| CVE-2021-25015 | 2022-01-24 | myCred < 2.4 - Reflected Cross-Site Scripting |
| CVE-2021-25017 | 2022-01-24 | Tutor LMS < 1.9.12 - Reflected Cross-Site Scripting |
| CVE-2021-25028 | 2022-01-24 | Event Tickets < 5.2.2 - Open Redirect |
| CVE-2021-25031 | 2022-01-24 | Image Hover Effects Ultimate < 9.7.1 - Reflected Cross-Site Scripting |
| CVE-2021-25035 | 2022-01-24 | Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting |
| CVE-2021-25045 | 2022-01-24 | Asgaros Forum < 1.15.15 - Admin+ SQL Injection via forum_id |
| CVE-2021-25049 | 2022-01-24 | Mobile Events Manager < 1.4.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-25062 | 2022-01-24 | Orders Tracking for WooCommerce < 1.1.10 - Reflected Cross-Site Scripting |
| CVE-2021-25073 | 2022-01-24 | WP125 < 1.5.5 - Arbitrary Ad Deletion via CSRF |
| CVE-2021-25074 | 2022-01-24 | WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect |
| CVE-2021-25076 | 2022-01-24 | WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting |
| CVE-2021-25078 | 2022-01-24 | Affiliates Manager < 2.9.0 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2021-25079 | 2022-01-24 | Contact Form Entries < 1.2.4 - Reflected Cross-Site Scripting |