CVE List - 2022 / January
Showing 301 - 400 of 1988 CVEs for January 2022 (Page 4 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-22702 | 2022-01-07 | PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing... |
| CVE-2021-46048 | 2022-01-07 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions. |
| CVE-2021-46050 | 2022-01-07 | A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function. |
| CVE-2021-46052 | 2022-01-07 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate. |
| CVE-2021-46053 | 2022-01-07 | A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL. |
| CVE-2021-46054 | 2022-01-07 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). |
| CVE-2021-46055 | 2022-01-07 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). |
| CVE-2021-32996 | 2022-01-07 | The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required. |
| CVE-2021-32998 | 2022-01-07 | The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required. |
| CVE-2022-22265 | 2022-01-07 | An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. |
| CVE-2022-22263 | 2022-01-07 | Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity. |
| CVE-2022-22266 | 2022-01-07 | (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission. |
| CVE-2022-22264 | 2022-01-07 | Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission. |
| CVE-2022-22268 | 2022-01-07 | Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode. |
| CVE-2022-22267 | 2022-01-07 | Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information. |
| CVE-2022-22272 | 2022-01-07 | Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission |
| CVE-2022-22269 | 2022-01-07 | Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. |
| CVE-2022-22270 | 2022-01-07 | An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information. |
| CVE-2022-22271 | 2022-01-07 | A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory. |
| CVE-2022-22283 | 2022-01-07 | Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App. |
| CVE-2022-22284 | 2022-01-07 | Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication |
| CVE-2022-22285 | 2022-01-07 | A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent. |
| CVE-2022-22286 | 2022-01-07 | A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the... |
| CVE-2022-22287 | 2022-01-07 | Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox. |
| CVE-2022-22288 | 2022-01-07 | Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist. |
| CVE-2022-22289 | 2022-01-07 | Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information. |
| CVE-2021-40041 | 2022-01-07 | There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n product when processing network settings. Due to insufficient validation of user input, a local authenticated attacker could exploit this vulnerability by... |
| CVE-2021-40000 | 2022-01-07 | The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end. |
| CVE-2021-40001 | 2022-01-07 | The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable. |
| CVE-2021-40002 | 2022-01-07 | The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end. |
| CVE-2021-40003 | 2022-01-07 | HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2021-40004 | 2022-01-07 | The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2021-40005 | 2022-01-07 | The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2021-40006 | 2022-01-07 | Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2021-40011 | 2022-01-07 | There is an uncontrolled resource consumption vulnerability in the display module. Successful exploitation of this vulnerability may affect integrity. |
| CVE-2021-40020 | 2022-01-07 | There is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-40009 | 2022-01-07 | There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2021-40026 | 2022-01-07 | There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2021-40029 | 2022-01-07 | There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function... |
| CVE-2021-40031 | 2022-01-07 | There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2021-40035 | 2022-01-07 | There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function... |
| CVE-2021-40037 | 2022-01-07 | There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash... |
| CVE-2021-40038 | 2022-01-07 | There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2021-40039 | 2022-01-07 | There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2021-40010 | 2022-01-07 | The bone voice ID TA has a heap overflow vulnerability.Successful exploitation of this vulnerability may result in malicious code execution. |
| CVE-2021-40014 | 2022-01-07 | The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2021-40018 | 2022-01-07 | The eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2021-40021 | 2022-01-07 | The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2021-40022 | 2022-01-07 | The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2021-40025 | 2022-01-07 | The eID module has a vulnerability that causes the memory to be used without being initialized,Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2021-40027 | 2022-01-07 | The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2021-40028 | 2022-01-07 | The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data integrity. |
| CVE-2021-40032 | 2022-01-07 | The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2021-39993 | 2022-01-07 | There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. |
| CVE-2021-39998 | 2022-01-07 | There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart. |
| CVE-2021-39996 | 2022-01-07 | There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow. |
| CVE-2021-35247 | 2022-01-07 | Improper Input Validation Vulnerability in Serv-U |
| CVE-2022-21823 | 2022-01-07 | A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to... |
| CVE-2021-23173 | 2022-01-07 | ICSMA-22-006-01 Philips Engage Software |
| CVE-2021-22060 | 2022-01-07 | In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional... |
| CVE-2021-30360 | 2022-01-07 | Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and... |
| CVE-2022-22844 | 2022-01-08 | LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. |
| CVE-2022-22821 | 2022-01-08 | NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available. |
| CVE-2022-22827 | 2022-01-08 | storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| CVE-2022-22826 | 2022-01-08 | nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| CVE-2022-22825 | 2022-01-08 | lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| CVE-2022-22824 | 2022-01-08 | defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| CVE-2022-22823 | 2022-01-08 | build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| CVE-2022-22822 | 2022-01-08 | addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| CVE-2021-44024 | 2022-01-08 | A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite... |
| CVE-2021-45231 | 2022-01-08 | A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to... |
| CVE-2021-45440 | 2022-01-08 | A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege... |
| CVE-2021-45441 | 2022-01-08 | A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a... |
| CVE-2021-45442 | 2022-01-08 | A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is... |
| CVE-2022-22836 | 2022-01-08 | CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request. |
| CVE-2021-46166 | 2022-01-09 | Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page. |
| CVE-2021-46165 | 2022-01-09 | Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined. |
| CVE-2021-46164 | 2022-01-09 | Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module. |
| CVE-2022-22846 | 2022-01-09 | The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query. |
| CVE-2020-10137 | 2022-01-09 | Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with... |
| CVE-2022-22845 | 2022-01-09 | QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations. |
| CVE-2021-46163 | 2022-01-09 | Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem. |
| CVE-2021-45856 | 2022-01-09 | Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buffer overflow which causes the telnet service to crash |
| CVE-2021-45334 | 2022-01-09 | Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to admin panel using SQL Injection |
| CVE-2021-25032 | 2022-01-10 | PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise |
| CVE-2021-35452 | 2022-01-10 | An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc. |
| CVE-2021-36408 | 2022-01-10 | An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265. |
| CVE-2021-36409 | 2022-01-10 | There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a... |
| CVE-2021-36410 | 2022-01-10 | A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265. |
| CVE-2021-36411 | 2022-01-10 | An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability... |
| CVE-2021-36412 | 2022-01-10 | A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafted file in the... |
| CVE-2021-36414 | 2022-01-10 | A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file. |
| CVE-2021-21408 | 2022-01-10 | Access to restricted PHP code by dynamic static class access in smarty |
| CVE-2021-29454 | 2022-01-10 | Sandbox Escape by math function in smarty |
| CVE-2021-34087 | 2022-01-10 | In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This... |
| CVE-2021-34086 | 2022-01-10 | In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They... |
| CVE-2022-22847 | 2022-01-10 | Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authenticated attacker, or in a configuration that does not require authentication). |
| CVE-2021-45003 | 2022-01-10 | Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload. |
| CVE-2021-44586 | 2022-01-10 | An issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file download vulnerability that can expose sensitive information. |
| CVE-2021-44458 | 2022-01-10 | Lack of websocket authentication in Lens causes remote code execution when visiting a malicious website |