CVE List - 2022 / January
Showing 801 - 900 of 1988 CVEs for January 2022 (Page 9 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-38678 | 2022-01-14 | Open Redirect Vulnerability in QcalAgent |
| CVE-2021-38682 | 2022-01-14 | Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard |
| CVE-2021-38689 | 2022-01-14 | Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard |
| CVE-2021-38690 | 2022-01-14 | Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard |
| CVE-2021-38691 | 2022-01-14 | Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard |
| CVE-2021-38692 | 2022-01-14 | Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard |
| CVE-2021-46255 | 2022-01-14 | eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename. |
| CVE-2022-22054 | 2022-01-14 | ASUS RT-AX56U - Path Traversal |
| CVE-2022-22055 | 2022-01-14 | Le-yan Co., Ltd. dental management system - SQL Injection |
| CVE-2022-22056 | 2022-01-14 | Le-yan Co., Ltd. dental management system - Hard-coded Credentials |
| CVE-2022-20640 | 2022-01-14 | Cisco Security Manager Cross-Site Scripting Vulnerabilities |
| CVE-2022-20641 | 2022-01-14 | Cisco Security Manager Cross-Site Scripting Vulnerabilities |
| CVE-2022-20642 | 2022-01-14 | Cisco Security Manager Cross-Site Scripting Vulnerabilities |
| CVE-2022-20643 | 2022-01-14 | Cisco Security Manager Cross-Site Scripting Vulnerabilities |
| CVE-2022-20644 | 2022-01-14 | Cisco Security Manager Cross-Site Scripting Vulnerabilities |
| CVE-2022-20645 | 2022-01-14 | Cisco Security Manager Cross-Site Scripting Vulnerabilities |
| CVE-2022-20646 | 2022-01-14 | Cisco Security Manager Cross-Site Scripting Vulnerabilities |
| CVE-2022-20647 | 2022-01-14 | Cisco Security Manager Cross-Site Scripting Vulnerabilities |
| CVE-2022-20658 | 2022-01-14 | Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability |
| CVE-2022-20660 | 2022-01-14 | Cisco IP Phones Information Disclosure Vulnerability |
| CVE-2022-20635 | 2022-01-14 | Cisco Security Manager Cross-Site Scripting Vulnerabilities |
| CVE-2022-20636 | 2022-01-14 | Cisco Security Manager Cross-Site Scripting Vulnerabilities |
| CVE-2022-20637 | 2022-01-14 | Cisco Security Manager Cross-Site Scripting Vulnerabilities |
| CVE-2022-20638 | 2022-01-14 | Cisco Security Manager Cross-Site Scripting Vulnerabilities |
| CVE-2022-20639 | 2022-01-14 | Cisco Security Manager Cross-Site Scripting Vulnerabilities |
| CVE-2022-20698 | 2022-01-14 | Clam AntiVirus (ClamAV) Denial of Service Vulnerability |
| CVE-2021-42551 | 2022-01-14 | Reflected XSS in NetBiblio WebOPAC search functionality |
| CVE-2021-36781 | 2022-01-14 | parsec: dangerous 777 permissions for /run/parsec |
| CVE-2021-33962 | 2022-01-14 | China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component. |
| CVE-2022-0231 | 2022-01-14 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat |
| CVE-2021-32650 | 2022-01-14 | Arbitrary code execution in october/system |
| CVE-2021-32649 | 2022-01-14 | Authenticated file write leads to remote code execution in october/system |
| CVE-2022-21677 | 2022-01-14 | Group advanced search option may leak group and group's members visibility |
| CVE-2022-21685 | 2022-01-14 | Integer underflow in Frontier |
| CVE-2021-39032 | 2022-01-14 | IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 213962. |
| CVE-2022-23227 | 2022-01-14 | NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When... |
| CVE-2022-0224 | 2022-01-14 | SQL Injection in dolibarr/dolibarr |
| CVE-2021-45468 | 2022-01-14 | Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind... |
| CVE-2021-24046 | 2022-01-14 | A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device... |
| CVE-2021-45761 | 2022-01-14 | ROPium v3.1 was discovered to contain an invalid memory address dereference via the find() function. |
| CVE-2022-0226 | 2022-01-14 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat |
| CVE-2021-20612 | 2022-01-14 | Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.14 and prior, FX3U-ENET-L Firmware version 1.14 and prior and FX3U-ENET-P502 Firmware version 1.14 and prior allows... |
| CVE-2021-20613 | 2022-01-14 | Improper initialization vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.16 and prior, FX3U-ENET-L Firmware version 1.16 and prior and FX3U-ENET-P502 Firmware version 1.16 and prior allows a remote unauthenticated attacker... |
| CVE-2021-28501 | 2022-01-14 | An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. |
| CVE-2021-28506 | 2022-01-14 | An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device. |
| CVE-2021-28507 | 2022-01-14 | An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent. |
| CVE-2021-44743 | 2022-01-14 | Adobe Bridge JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-45052 | 2022-01-14 | Adobe Bridge TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-45051 | 2022-01-14 | Adobe Bridge JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2021-44700 | 2022-01-14 | Adobe Illustrator JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-43752 | 2022-01-14 | Adobe Illustrator TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-45062 | 2022-01-14 | Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-44740 | 2022-01-14 | Adobe Acrobat Pro DC NULL Pointer Dereference could lead to Application-denial-of-service |
| CVE-2021-45068 | 2022-01-14 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-44709 | 2022-01-14 | Adobe Acrobat Pro DC Heap Overflow Vulnerability could lead to Arbitrary code execution |
| CVE-2021-44701 | 2022-01-14 | Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-44741 | 2022-01-14 | Adobe Acrobat Pro DC NULL Pointer Dereference could lead to Application-denial-of-service |
| CVE-2021-44711 | 2022-01-14 | Adobe Acrobat Reader DC annotation gestures integer overflow vulnerability |
| CVE-2021-45063 | 2022-01-14 | Adobe Acrobat Reader DC JP2 File Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2021-44707 | 2022-01-14 | Adobe Acrobat Reader DC OTF Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-45060 | 2022-01-14 | Adobe Acrobat Reader DC TTF Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2021-44706 | 2022-01-14 | Adobe Acrobat Reader Collab.registerReview Use-After-Free Remote Execution Vulnerability |
| CVE-2021-45061 | 2022-01-14 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-45064 | 2022-01-14 | Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-44702 | 2022-01-14 | Adobe Acrobat Reader DC add-on (AxAcroPDFLib.AxAcroPDF) for Internet Explorer LoadFile NTLMv2 SSO Auth leak vulnerability |
| CVE-2021-44715 | 2022-01-14 | Adobe Acrobat Reader DC Out-of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-44739 | 2022-01-14 | Adobe Acrobat Reader DC add-on (AxAcroPDFLib.AxAcroPDF) src NTLMv2 SSO Auth leak vulnerability |
| CVE-2021-44708 | 2022-01-14 | Adobe Acrobat Pro DC Heap Overflow could lead to Arbitrary code execution |
| CVE-2021-44704 | 2022-01-14 | Adobe Acrobat Reader Use-After-Free could lead to Arbitrary code execution |
| CVE-2021-44742 | 2022-01-14 | Adobe Reader Out-of-bounds Read Remote Code Execution Vulnerability |
| CVE-2021-44713 | 2022-01-14 | Adobe Acrobat Reader DC Use After Free could lead to Application denial-of-service |
| CVE-2021-44712 | 2022-01-14 | Adobe Acrobat Reader Memory Corruption could lead to Application denial-of-service |
| CVE-2021-45067 | 2022-01-14 | Adobe Acrobat Reader Memory Corruption could lead to Information Disclosure |
| CVE-2021-44703 | 2022-01-14 | Adobe Acrobat Pro DC Stack Overflow Vulnerability Arbitrary code execution |
| CVE-2021-44705 | 2022-01-14 | Adobe Acrobat Reader Use-After-Free could lead to Arbitrary code execution |
| CVE-2021-44710 | 2022-01-14 | Adobe Acrobat Reader Use-after-free could lead to Arbitrary code execution |
| CVE-2021-44714 | 2022-01-14 | Adobe Acrobat Reader Missing Custom Protocols in Warning Message Prompts |
| CVE-2021-45769 | 2022-01-14 | A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash. |
| CVE-2021-23157 | 2022-01-14 | WECON LeviStudioU |
| CVE-2021-23138 | 2022-01-14 | WECON LeviStudioU |
| CVE-2021-36199 | 2022-01-14 | VideoEdge |
| CVE-2022-21137 | 2022-01-14 | Omron CX-One |
| CVE-2021-0959 | 2022-01-14 | In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2021-1049 | 2022-01-14 | Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ID: A-204256722 |
| CVE-2021-39618 | 2022-01-14 | In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege... |
| CVE-2021-39620 | 2022-01-14 | In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-39621 | 2022-01-14 | In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction... |
| CVE-2021-39622 | 2022-01-14 | In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-39623 | 2022-01-14 | In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution... |
| CVE-2021-39625 | 2022-01-14 | In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local escalation of privilege with... |
| CVE-2021-39626 | 2022-01-14 | In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution... |
| CVE-2021-39627 | 2022-01-14 | In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction... |
| CVE-2021-39628 | 2022-01-14 | In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no... |
| CVE-2021-39629 | 2022-01-14 | In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-39630 | 2022-01-14 | In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with... |
| CVE-2021-39632 | 2022-01-14 | In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-39633 | 2022-01-14 | In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2021-39634 | 2022-01-14 | In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:... |
| CVE-2021-39659 | 2022-01-14 | In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service... |
| CVE-2021-39678 | 2022-01-14 | In <TBD> of <TBD>, there is a possible bypass of Factory Reset Protection due to <TBD>. This could lead to local escalation of privilege with no additional execution privileges needed.... |