CVE List - 2022 / January
Showing 501 - 600 of 1988 CVEs for January 2022 (Page 6 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-21877 | 2022-01-11 | Storage Spaces Controller Information Disclosure Vulnerability |
| CVE-2022-21878 | 2022-01-11 | Windows Geolocation Service Remote Code Execution Vulnerability |
| CVE-2022-21879 | 2022-01-11 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-21880 | 2022-01-11 | Windows GDI+ Information Disclosure Vulnerability |
| CVE-2022-21881 | 2022-01-11 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-21882 | 2022-01-11 | Win32k Elevation of Privilege Vulnerability |
| CVE-2022-21883 | 2022-01-11 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability |
| CVE-2022-21884 | 2022-01-11 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability |
| CVE-2022-21885 | 2022-01-11 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2022-21887 | 2022-01-11 | Win32k Elevation of Privilege Vulnerability |
| CVE-2022-21888 | 2022-01-11 | Windows Modern Execution Server Remote Code Execution Vulnerability |
| CVE-2022-21889 | 2022-01-11 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability |
| CVE-2022-21890 | 2022-01-11 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability |
| CVE-2022-21891 | 2022-01-11 | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability |
| CVE-2022-21892 | 2022-01-11 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2022-21893 | 2022-01-11 | Remote Desktop Protocol Remote Code Execution Vulnerability |
| CVE-2022-21894 | 2022-01-11 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2022-21895 | 2022-01-11 | Windows User Profile Service Elevation of Privilege Vulnerability |
| CVE-2022-21896 | 2022-01-11 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2022-21897 | 2022-01-11 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2022-21898 | 2022-01-11 | DirectX Graphics Kernel Remote Code Execution Vulnerability |
| CVE-2022-21899 | 2022-01-11 | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability |
| CVE-2022-21900 | 2022-01-11 | Windows Hyper-V Security Feature Bypass Vulnerability |
| CVE-2022-21901 | 2022-01-11 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2022-21902 | 2022-01-11 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2022-21903 | 2022-01-11 | Windows GDI Elevation of Privilege Vulnerability |
| CVE-2022-21904 | 2022-01-11 | Windows GDI Information Disclosure Vulnerability |
| CVE-2022-21905 | 2022-01-11 | Windows Hyper-V Security Feature Bypass Vulnerability |
| CVE-2022-21906 | 2022-01-11 | Windows Defender Application Control Security Feature Bypass Vulnerability |
| CVE-2022-21907 | 2022-01-11 | HTTP Protocol Stack Remote Code Execution Vulnerability |
| CVE-2022-21908 | 2022-01-11 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2022-21910 | 2022-01-11 | Microsoft Cluster Port Driver Elevation of Privilege Vulnerability |
| CVE-2022-21911 | 2022-01-11 | .NET Framework Denial of Service Vulnerability |
| CVE-2022-21912 | 2022-01-11 | DirectX Graphics Kernel Remote Code Execution Vulnerability |
| CVE-2022-21913 | 2022-01-11 | Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass |
| CVE-2022-21914 | 2022-01-11 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2022-21915 | 2022-01-11 | Windows GDI+ Information Disclosure Vulnerability |
| CVE-2022-21916 | 2022-01-11 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2022-21917 | 2022-01-11 | HEVC Video Extensions Remote Code Execution Vulnerability |
| CVE-2022-21918 | 2022-01-11 | DirectX Graphics Kernel File Denial of Service Vulnerability |
| CVE-2022-21919 | 2022-01-11 | Windows User Profile Service Elevation of Privilege Vulnerability |
| CVE-2022-21920 | 2022-01-11 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2022-21921 | 2022-01-11 | Windows Defender Credential Guard Security Feature Bypass Vulnerability |
| CVE-2022-21922 | 2022-01-11 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2022-21924 | 2022-01-11 | Workstation Service Remote Protocol Security Feature Bypass Vulnerability |
| CVE-2022-21925 | 2022-01-11 | Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability |
| CVE-2022-21928 | 2022-01-11 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2022-21929 | 2022-01-11 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2022-21930 | 2022-01-11 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2022-21931 | 2022-01-11 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2022-21932 | 2022-01-11 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability |
| CVE-2022-21954 | 2022-01-11 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-21958 | 2022-01-11 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2022-21959 | 2022-01-11 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2022-21960 | 2022-01-11 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2022-21961 | 2022-01-11 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2022-21962 | 2022-01-11 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2022-21963 | 2022-01-11 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2022-21964 | 2022-01-11 | Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability |
| CVE-2022-21969 | 2022-01-11 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2022-21970 | 2022-01-11 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2021-46283 | 2022-01-11 | nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization... |
| CVE-2022-21646 | 2022-01-11 | Lookup operations do not take into account wildcards in SpiceDB |
| CVE-2021-41767 | 2022-01-11 | Private tunnel identifier may be included in the non-private details of active connections |
| CVE-2021-43999 | 2022-01-11 | Improper validation of SAML responses |
| CVE-2022-0087 | 2022-01-11 | Cross-site Scripting (XSS) - Reflected in keystonejs/keystone |
| CVE-2021-36417 | 2022-01-12 | A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a denial of service or execute arbitrary code via a crafted file. |
| CVE-2021-40559 | 2022-01-12 | A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denail of service. |
| CVE-2021-40562 | 2022-01-12 | A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box via the naludmx_enqueue_or_dispatch function in reframe_nalu.c, which causes a denial of service. |
| CVE-2021-40563 | 2022-01-12 | A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service. |
| CVE-2021-40564 | 2022-01-12 | A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service. |
| CVE-2021-40565 | 2022-01-12 | A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu function in av_parsers.c when using mp4box, which causes a denial of service. |
| CVE-2021-40566 | 2022-01-12 | A Segmentation fault casued by heap use after free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service. |
| CVE-2021-43860 | 2022-01-12 | Permissions granted to applications can be hidden from the user at install time |
| CVE-2022-0179 | 2022-01-12 | Missing Authorization in snipe/snipe-it |
| CVE-2022-20613 | 2022-01-12 | A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. |
| CVE-2022-20614 | 2022-01-12 | A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. |
| CVE-2022-23106 | 2022-01-12 | Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication... |
| CVE-2022-0159 | 2022-01-12 | Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore |
| CVE-2021-3852 | 2022-01-12 | Authorization Bypass Through User-Controlled Key in weseek/growi |
| CVE-2021-44648 | 2022-01-12 | GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12. |
| CVE-2021-44649 | 2022-01-12 | Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an... |
| CVE-2021-44650 | 2022-01-12 | Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components. |
| CVE-2021-4080 | 2022-01-12 | Unrestricted Upload of File with Dangerous Type in crater-invoice/crater |
| CVE-2021-44651 | 2022-01-12 | Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175. |
| CVE-2021-44652 | 2022-01-12 | Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component. |
| CVE-2021-45411 | 2022-01-12 | In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote... |
| CVE-2021-43436 | 2022-01-12 | MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the... |
| CVE-2022-0012 | 2022-01-12 | Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability |
| CVE-2022-0013 | 2022-01-12 | Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File |
| CVE-2022-0014 | 2022-01-12 | Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session |
| CVE-2022-0015 | 2022-01-12 | Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability |
| CVE-2021-45445 | 2022-01-12 | Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop. |
| CVE-2021-28377 | 2022-01-12 | ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files. |
| CVE-2021-28376 | 2022-01-12 | ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files. |
| CVE-2021-43960 | 2022-01-12 | Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go... |
| CVE-2022-21675 | 2022-01-12 | Bytecode Viewer v2.10.x Zip Slip |
| CVE-2022-21676 | 2022-01-12 | Uncaught Exception in engine.io |
| CVE-2021-35500 | 2022-01-12 | TIBCO Data Virtualization Arbitrary File Download vulnerability |
| CVE-2021-42562 | 2022-01-12 | An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should... |