CVE List - 2022 / January
Showing 1701 - 1800 of 1988 CVEs for January 2022 (Page 18 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-44793 | 2022-01-27 | Information Leakage via Unauthorized Access in Single Connect |
| CVE-2021-44794 | 2022-01-27 | Information Leakage via Unauthorized Access in Single Connect |
| CVE-2021-44795 | 2022-01-27 | Modifying User Permissions via Unauthorized Access in Single Connect |
| CVE-2021-28096 | 2022-01-27 | An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any... |
| CVE-2022-0348 | 2022-01-27 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2021-46065 | 2022-01-27 | A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attacker to inject arbitrary JavaScript code. |
| CVE-2021-46088 | 2022-01-27 | Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS are vulnerable to Remote Code Execution (RCE). Any user with the "Zabbix Admin" role is able to run custom shell script on... |
| CVE-2021-46097 | 2022-01-27 | Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php#action_log |
| CVE-2021-46377 | 2022-01-27 | There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser |
| CVE-2021-46102 | 2022-01-27 | From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in the file src/elf.rs has an integer overflow bug because the sym.st_value is read directly from ELF file without checking.... |
| CVE-2021-46427 | 2022-01-27 | An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php. |
| CVE-2021-46428 | 2022-01-27 | A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 (and previous versions) via the bot_avatar parameter in SystemSettings.php. |
| CVE-2021-46484 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_IncrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46485 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_ValueIsNumber at src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46486 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArraySpliceCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46487 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x18e506. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46488 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArrayConcatCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46489 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_DecrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46490 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via NumberConstructor at src/jsiNumber.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46491 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_CommandPkgOpts at src/jsiCmds.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46492 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_FunctionInvoke at src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46494 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueLookupBase in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46495 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via DeleteTreeValue in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46496 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_ObjFree in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46497 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_UserObjDelete in src/jsiUserObj.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46498 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_wswebsocketObjFree in src/jsiWebSocket.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46499 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueCopyMove in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46500 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ArgTypeCheck in src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46501 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortSubCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46502 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46503 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46504 | 2022-01-27 | There is an Assertion 'vp != resPtr' failed at jsiEval.c in Jsish v3.5.0. |
| CVE-2021-46505 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5b1e5. |
| CVE-2021-46506 | 2022-01-27 | There is an Assertion 'v->d.lval != v' failed at src/jsiValue.c in Jsish v3.5.0. |
| CVE-2021-46507 | 2022-01-27 | Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c. |
| CVE-2021-46508 | 2022-01-27 | There is an Assertion `i < parts_cnt' failed at src/mjs_bcode.c in Cesanta MJS v2.20.0. |
| CVE-2021-46509 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snquote at mjs/src/mjs_json.c. |
| CVE-2021-46510 | 2022-01-27 | There is an Assertion `s < mjs->owned_strings.buf + mjs->owned_strings.len' failed at src/mjs_gc.c in Cesanta MJS v2.20.0. |
| CVE-2021-46511 | 2022-01-27 | There is an Assertion `m->len >= sizeof(v)' failed at src/mjs_core.c in Cesanta MJS v2.20.0. |
| CVE-2021-46512 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_apply at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46513 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via mjs_mk_string at mjs/src/mjs_string.c. |
| CVE-2021-46514 | 2022-01-27 | There is an Assertion 'ppos != NULL && mjs_is_number(*ppos)' failed at src/mjs_core.c in Cesanta MJS v2.20.0. |
| CVE-2021-46515 | 2022-01-27 | There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len' failed at src/mjs_exec.c in Cesanta MJS v2.20.0. |
| CVE-2021-46516 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_stack_size at mjs/src/mjs_core.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46517 | 2022-01-27 | There is an Assertion `mjs_stack_size(&mjs->scopes) > 0' failed at src/mjs_exec.c in Cesanta MJS v2.20.0. |
| CVE-2021-46518 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_disown at src/mjs_core.c. |
| CVE-2021-46519 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_array_length at src/mjs_array.c. |
| CVE-2021-46520 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_jprintf at src/mjs_util.c. |
| CVE-2021-46521 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via c_vsnprintf at mjs/src/common/str_util.c. |
| CVE-2021-46522 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0xaff53. |
| CVE-2021-46523 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via to_json_or_debug at mjs/src/mjs_json.c. |
| CVE-2021-46524 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via snquote at mjs/src/mjs_json.c. |
| CVE-2021-46525 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a heap-use-after-free via mjs_apply at src/mjs_exec.c. |
| CVE-2021-46526 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via snquote at src/mjs_json.c. |
| CVE-2021-46527 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_get_cstring at src/mjs_string.c. |
| CVE-2021-46528 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x5361e. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46529 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x8814e. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46530 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_execute at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46531 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x8d28e. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46532 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via exec_expr at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46534 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via getprop_builtin_foreign at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46535 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0xe533e. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46537 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x9a30e. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46538 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_compact_strings at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46539 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x45a1f. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46540 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_get_mjs at src/mjs_builtin.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46541 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c6ae. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46542 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_print at src/mjs_builtin.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46543 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x18e810. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46544 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x59e19. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46545 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x4b44b. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46546 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_next at src/mjs_object.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46547 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46548 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via add_lineno_map_item at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46549 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parse_cval_type at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46550 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46553 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_object.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46554 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_json_stringify at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46556 | 2022-01-27 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_bcode_insert_offset at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2016-3735 | 2022-01-28 | Piwigo is image gallery software written in PHP. When a criterion is not met on a host, Piwigo defaults to using mt_rand in order to generate password reset tokens. mt_rand output... |
| CVE-2020-25905 | 2022-01-28 | An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php. |
| CVE-2020-28884 | 2022-01-28 | Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay... |
| CVE-2022-23096 | 2022-01-28 | An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an... |
| CVE-2022-23097 | 2022-01-28 | An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. |
| CVE-2022-23098 | 2022-01-28 | An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. |
| CVE-2021-4034 | 2022-01-28 | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according... |
| CVE-2022-0392 | 2022-01-28 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-24071 | 2022-01-28 | A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs. |
| CVE-2022-21719 | 2022-01-28 | Reflected XSS using reload button in GLPI |
| CVE-2022-21720 | 2022-01-28 | SQL injection using custom CSS administration form in GLPI |
| CVE-2022-0394 | 2022-01-28 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat |
| CVE-2020-28885 | 2022-01-28 | Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS... |
| CVE-2021-42791 | 2022-01-28 | An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push... |
| CVE-2021-45435 | 2022-01-28 | An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php. |
| CVE-2021-44249 | 2022-01-28 | Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials. |
| CVE-2022-23863 | 2022-01-28 | Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password. |
| CVE-2021-45897 | 2022-01-28 | SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution. |
| CVE-2021-45898 | 2022-01-28 | SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion. |
| CVE-2021-34073 | 2022-01-28 | A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Gadget Works Online Ordering System in PHP/MySQLi 1.0 via the Category parameter in an add function in category/index.php. |
| CVE-2021-45899 | 2022-01-28 | SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution. |