CVE List - 2022 / January
Showing 1501 - 1600 of 1988 CVEs for January 2022 (Page 16 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-25080 | 2022-01-24 | Contact Form Entries < 1.1.7 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2021-25083 | 2022-01-24 | Registrations for the Events Calendar < 2.7.10 - Reflected Cross-Site Scripting |
| CVE-2022-0269 | 2022-01-24 | Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm |
| CVE-2021-44981 | 2022-01-24 | In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell... |
| CVE-2022-22296 | 2022-01-24 | Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure Permissions via the id parameter in manage_user endpoint. Simply change the value and data of other users can be... |
| CVE-2021-40596 | 2022-01-24 | SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, allows attackers to execute arbitrary SQL commands via the faculty_id parameter. |
| CVE-2021-40907 | 2022-01-24 | SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php. |
| CVE-2021-40908 | 2022-01-24 | SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2021-40909 | 2022-01-24 | Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name,... |
| CVE-2021-41471 | 2022-01-24 | SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters. |
| CVE-2021-41472 | 2022-01-24 | SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters. |
| CVE-2021-4088 | 2022-01-24 | Blind SQL injection in DLP ePO extension |
| CVE-2021-41658 | 2022-01-24 | Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading System by oretnom23, allows attackers to execute arbitrary code via the fullname and username parameters to the users page. |
| CVE-2021-41659 | 2022-01-24 | SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field. |
| CVE-2021-41660 | 2022-01-24 | SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password fields to login.php. |
| CVE-2021-41929 | 2022-01-24 | Cross Site Scripting (XSS) in Sourcecodester The Electric Billing Management System 1.0 by oretnom23, allows attackers to execute arbitrary code via the about page. |
| CVE-2021-41930 | 2022-01-24 | Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to /scheduler/addSchedule.php. |
| CVE-2022-23126 | 2022-01-24 | TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because... |
| CVE-2021-35005 | 2022-01-24 | This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in... |
| CVE-2021-42168 | 2022-01-24 | Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) by oretnom23, allows attackers to gain the PHPSESID or other unspecified impacts via the fullname parameter... |
| CVE-2021-41928 | 2022-01-24 | SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page. |
| CVE-2021-43420 | 2022-01-24 | SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2021-46451 | 2022-01-24 | An SQL Injection vulnerability exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the load_file function. |
| CVE-2020-17383 | 2022-01-24 | A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration... |
| CVE-2022-21710 | 2022-01-24 | Cross-site Scripting in ShortDescription extension |
| CVE-2022-21711 | 2022-01-24 | Out-of-bounds Read lead to application crashes or information leakage in ELF parsing. |
| CVE-2022-21715 | 2022-01-24 | Cross-site Scripting Vulnerability in CodeIgniter4 |
| CVE-2021-45222 | 2022-01-24 | An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human resources interface, it is vulnerable to privilege escalation by HR personnel. |
| CVE-2021-45223 | 2022-01-24 | An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes. |
| CVE-2021-45226 | 2022-01-24 | An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites. |
| CVE-2021-45225 | 2022-01-24 | An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links (affecting the search window and... |
| CVE-2021-45224 | 2022-01-24 | An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to... |
| CVE-2021-36342 | 2022-01-24 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. |
| CVE-2021-36343 | 2022-01-24 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. |
| CVE-2021-36349 | 2022-01-24 | Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this... |
| CVE-2021-43588 | 2022-01-24 | Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. |
| CVE-2021-43589 | 2022-01-24 | Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges... |
| CVE-2022-22554 | 2022-01-24 | Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability. A local attacker with user privileges could potentially exploit this vulnerability leading to the disclosure... |
| CVE-2021-43394 | 2022-01-24 | Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated. |
| CVE-2021-40158 | 2022-01-25 | A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability... |
| CVE-2021-40159 | 2022-01-25 | An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in... |
| CVE-2021-45341 | 2022-01-25 | A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. |
| CVE-2021-45342 | 2022-01-25 | A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. |
| CVE-2021-45343 | 2022-01-25 | In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document. |
| CVE-2022-0351 | 2022-01-25 | Access of Memory Location Before Start of Buffer in vim/vim |
| CVE-2021-44988 | 2022-01-25 | Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c. |
| CVE-2021-44992 | 2022-01-25 | There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at /jerry-core/ecma/operations/ecma-typedarray-object.c in Jerryscript 3.0.0. |
| CVE-2021-44993 | 2022-01-25 | There is an Assertion ''ecma_is_value_boolean (base_value)'' failed at /jerry-core/ecma/operations/ecma-get-put-value.c in Jerryscript 3.0.0. |
| CVE-2021-44994 | 2022-01-25 | There is an Assertion ''JERRY_CONTEXT (jmem_heap_allocated_size) == 0'' failed at /jerry-core/jmem/jmem-heap.c in Jerryscript 3.0.0. |
| CVE-2021-46474 | 2022-01-25 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiEvalCodeSub in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46477 | 2022-01-25 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegExp_constructor in src/jsiRegexp.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46475 | 2022-01-25 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ArraySliceCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46478 | 2022-01-25 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiClearStack in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46480 | 2022-01-25 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiValueObjDelete in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2021-46481 | 2022-01-25 | Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c. |
| CVE-2021-46482 | 2022-01-25 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c. |
| CVE-2021-46483 | 2022-01-25 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c. |
| CVE-2022-23935 | 2022-01-25 | lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection. |
| CVE-2022-0338 | 2022-01-25 | Insertion of Sensitive Information into Log File in delgan/loguru |
| CVE-2022-0268 | 2022-01-25 | Cross-site Scripting (XSS) - Stored in getgrav/grav |
| CVE-2021-45340 | 2022-01-25 | In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT... |
| CVE-2021-45844 | 2022-01-25 | Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. |
| CVE-2021-45845 | 2022-01-25 | The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document. |
| CVE-2021-45802 | 2022-01-25 | MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time... |
| CVE-2021-45803 | 2022-01-25 | MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation. |
| CVE-2021-46113 | 2022-01-25 | In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service. |
| CVE-2021-45029 | 2022-01-25 | Apache ShenYu 2.4.1 Groovy Code Injection & SpEL Injection |
| CVE-2022-23223 | 2022-01-25 | Apache ShenYu Password leakage |
| CVE-2022-23944 | 2022-01-25 | Apache ShenYu 2.4.1 Improper access control |
| CVE-2022-23945 | 2022-01-25 | Apache ShenYu missing authentication allows gateway registration |
| CVE-2021-45846 | 2022-01-25 | A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a "type"... |
| CVE-2021-45847 | 2022-01-25 | Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file. |
| CVE-2022-23033 | 2022-01-25 | arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to... |
| CVE-2022-23034 | 2022-01-25 | A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the... |
| CVE-2022-23035 | 2022-01-25 | Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the... |
| CVE-2022-21697 | 2022-01-25 | SSRF vulnerability (requires authentication) |
| CVE-2021-46089 | 2022-01-25 | In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges. |
| CVE-2021-3850 | 2022-01-25 | Authentication Bypass by Primary Weakness in adodb/adodb |
| CVE-2021-46033 | 2022-01-25 | In ForestBlog, as of 2021-12-28, File upload can bypass verification. |
| CVE-2021-46034 | 2022-01-25 | A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vulnerability that can be injected through the nickname input box. |
| CVE-2021-43863 | 2022-01-25 | SQL Injection in FileContentProvider (GHSL-2021-1007) |
| CVE-2021-34865 | 2022-01-25 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd... |
| CVE-2021-34866 | 2022-01-25 | This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system... |
| CVE-2021-34867 | 2022-01-25 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute high-privileged code on the target guest... |
| CVE-2021-34868 | 2022-01-25 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest... |
| CVE-2021-34869 | 2022-01-25 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest... |
| CVE-2021-34870 | 2022-01-25 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2021-46086 | 2022-01-25 | xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method... |
| CVE-2021-46084 | 2022-01-25 | uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via "close registration information" input box. |
| CVE-2021-46083 | 2022-01-25 | uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code. |
| CVE-2021-46085 | 2022-01-25 | OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority. |
| CVE-2021-46087 | 2022-01-25 | In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form,... |
| CVE-2021-39031 | 2022-01-25 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit... |
| CVE-2021-40167 | 2022-01-25 | A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could... |
| CVE-2021-38129 | 2022-01-25 | Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user... |
| CVE-2022-22789 | 2022-01-25 | Charactell - FormStorm Enterprise Account Take Over |
| CVE-2022-0270 | 2022-01-25 | Improper header sanitization in bored-agent causes escalation of privilege |
| CVE-2022-0332 | 2022-01-25 | A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data. |
| CVE-2022-0333 | 2022-01-25 | A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify... |
| CVE-2022-0334 | 2022-01-25 | A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their... |