CVE List - 2022 / January
Showing 1601 - 1700 of 1988 CVEs for January 2022 (Page 17 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-0335 | 2022-01-25 | A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the... |
| CVE-2021-4133 | 2022-01-25 | A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the... |
| CVE-2021-4145 | 2022-01-25 | A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's... |
| CVE-2021-40337 | 2022-01-25 | OWASP Related Vulnerabilities in Hitachi Energy’s LinkOne Product |
| CVE-2021-45729 | 2022-01-25 | WordPress WP Google Map plugin <= 1.8.0 - Privilege Escalation vulnerability |
| CVE-2021-43298 | 2022-01-25 | The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force... |
| CVE-2022-23009 | 2022-01-25 | On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note:... |
| CVE-2022-23008 | 2022-01-25 | On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject... |
| CVE-2022-23010 | 2022-01-25 | On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile and an HTTP profile are configured... |
| CVE-2022-23011 | 2022-01-25 | On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 and 14.1.x before 14.1.3, virtual servers may stop responding while processing TCP traffic due to an issue in the SYN... |
| CVE-2022-23014 | 2022-01-25 | On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP APM portal access is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to... |
| CVE-2022-23015 | 2022-01-25 | On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14.1.2.6-14.1.4.4, when a Client SSL profile is configured on a virtual server with Client Certificate Authentication set to request/require and... |
| CVE-2022-23016 | 2022-01-25 | On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management... |
| CVE-2022-23012 | 2022-01-25 | On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to... |
| CVE-2022-23013 | 2022-01-25 | On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists... |
| CVE-2022-23017 | 2022-01-25 | On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when a virtual server is configured with a DNS profile with the Rapid... |
| CVE-2022-23018 | 2022-01-25 | On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and... |
| CVE-2022-23026 | 2022-01-25 | On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such... |
| CVE-2022-23022 | 2022-01-25 | On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions... |
| CVE-2022-23023 | 2022-01-25 | On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by... |
| CVE-2022-23024 | 2022-01-25 | On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway (ALG) logging profile is configured on... |
| CVE-2022-23025 | 2022-01-25 | On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, when a SIP ALG profile is configured on a virtual server, undisclosed requests... |
| CVE-2022-23020 | 2022-01-25 | On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' setting is enabled on the Request Logging profile and configured on a virtual server, undisclosed requests can cause the... |
| CVE-2022-23019 | 2022-01-25 | On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a message routing type virtual server is configured with both... |
| CVE-2022-23021 | 2022-01-25 | On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate: HTTP... |
| CVE-2022-23027 | 2022-01-25 | On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2, when a FastL4 profile and an HTTP, FIX, and/or hash persistence profile are configured... |
| CVE-2022-23031 | 2022-01-25 | On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4, an XML External Entity (XXE) vulnerability exists in an undisclosed page of... |
| CVE-2022-23030 | 2022-01-25 | On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when the BIG-IP Virtual Edition (VE) uses the ixlv driver (which is used in... |
| CVE-2022-23032 | 2022-01-25 | In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable... |
| CVE-2022-23028 | 2022-01-25 | On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when global AFM SYN cookie protection (TCP Half Open flood vector) is... |
| CVE-2022-23029 | 2022-01-25 | On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile is configured on a virtual server,... |
| CVE-2021-41598 | 2022-01-25 | UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user |
| CVE-2021-43799 | 2022-01-25 | RabbitMQ exposes ports with weak default secrets in Zulip Server |
| CVE-2022-23258 | 2022-01-25 | Microsoft Edge for Android Spoofing Vulnerability |
| CVE-2021-36289 | 2022-01-25 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it. |
| CVE-2021-36294 | 2022-01-25 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as any... |
| CVE-2021-36295 | 2022-01-25 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on... |
| CVE-2021-36296 | 2022-01-25 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on... |
| CVE-2021-36346 | 2022-01-25 | Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver. |
| CVE-2021-36347 | 2022-01-25 | iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to... |
| CVE-2021-36348 | 2022-01-25 | iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of... |
| CVE-2021-46386 | 2022-01-26 | File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload. |
| CVE-2022-0355 | 2022-01-26 | Improper Removal of Sensitive Information Before Storage or Transfer in feross/simple-get |
| CVE-2022-0368 | 2022-01-26 | Out-of-bounds Read in vim/vim |
| CVE-2021-22570 | 2022-01-26 | Nullptr Dereference in Protobuf |
| CVE-2021-22600 | 2022-01-26 | Double Free in net/packet/af_packet.c leading to privilege escalation |
| CVE-2022-0359 | 2022-01-26 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-0361 | 2022-01-26 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-23959 | 2022-01-26 | In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling... |
| CVE-2021-46560 | 2022-01-26 | The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage. |
| CVE-2021-46559 | 2022-01-26 | The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection. |
| CVE-2019-25056 | 2022-01-26 | In Bromite through 78.0.3904.130, there are adblock rules in the release APK; therefore, probing which resources are blocked and which aren't can identify the application version and defeat the User-Agent... |
| CVE-2022-23968 | 2022-01-26 | Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is... |
| CVE-2022-21944 | 2022-01-26 | watchman: chown in [email protected] unit allows symlink attack |
| CVE-2022-0374 | 2022-01-26 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat |
| CVE-2022-0375 | 2022-01-26 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat |
| CVE-2022-0251 | 2022-01-26 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2021-44118 | 2022-01-26 | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker... |
| CVE-2021-41766 | 2022-01-26 | Insecure Java Deserialization in Apache Karaf |
| CVE-2022-22932 | 2022-01-26 | Path traversal flaws |
| CVE-2021-44120 | 2022-01-26 | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information.... |
| CVE-2021-44122 | 2022-01-26 | SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to... |
| CVE-2021-44123 | 2022-01-26 | SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click... |
| CVE-2022-0203 | 2022-01-26 | Improper Access Control in crater-invoice/crater |
| CVE-2022-0362 | 2022-01-26 | SQL Injection in star7th/showdoc |
| CVE-2021-45975 | 2022-01-26 | In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This... |
| CVE-2021-46117 | 2022-01-26 | jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. |
| CVE-2022-0379 | 2022-01-26 | Cross-site Scripting (XSS) - Stored in microweber/microweber |
| CVE-2022-0378 | 2022-01-26 | Cross-site Scripting (XSS) - Reflected in microweber/microweber |
| CVE-2021-44692 | 2022-01-26 | BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user. When creating a new user, it generates a Unique ID for their profile. This UID... |
| CVE-2021-43334 | 2022-01-26 | BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field. |
| CVE-2022-22851 | 2022-01-26 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the specialization parameter in doctors.php |
| CVE-2021-46118 | 2022-01-26 | jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. |
| CVE-2021-46383 | 2022-01-26 | https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). MCMS has a... |
| CVE-2021-46116 | 2022-01-26 | jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code. |
| CVE-2021-46115 | 2022-01-26 | jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code. |
| CVE-2021-29838 | 2022-01-26 | IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this... |
| CVE-2021-29845 | 2022-01-26 | IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X-Force ID: 205255. |
| CVE-2021-29846 | 2022-01-26 | IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 205256. |
| CVE-2021-46561 | 2022-01-26 | controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the... |
| CVE-2022-23990 | 2022-01-26 | Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. |
| CVE-2022-23993 | 2022-01-26 | /usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS. |
| CVE-2022-22850 | 2022-01-26 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_types. |
| CVE-2021-46385 | 2022-01-26 | https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). MCMS has a... |
| CVE-2021-46114 | 2022-01-26 | jpress v4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. |
| CVE-2022-22852 | 2022-01-26 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_list. |
| CVE-2022-21686 | 2022-01-26 | Server Side Twig Template Injection in PrestaShop |
| CVE-2021-32840 | 2022-01-26 | Path Traversal in SharpZipLib |
| CVE-2021-32842 | 2022-01-26 | Path Traversal in SharpZipLib |
| CVE-2021-32841 | 2022-01-26 | Path Traversal in SharpZipLib |
| CVE-2021-32849 | 2022-01-26 | Arbitrary command execution in Gerapy |
| CVE-2021-41166 | 2022-01-26 | Permission bypass in Nextcloud Android App |
| CVE-2022-23181 | 2022-01-27 | Local privilege escalation with FileStore |
| CVE-2022-21722 | 2022-01-27 | Potential out-of-bound read during RTP/RTCP parsing in PJSIP |
| CVE-2022-21723 | 2022-01-27 | Out-of-bounds read in multipart parsing in PJSIP |
| CVE-2022-0387 | 2022-01-27 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat |
| CVE-2022-22828 | 2022-01-27 | An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string. |
| CVE-2022-0370 | 2022-01-27 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat |
| CVE-2022-0372 | 2022-01-27 | Cross-site Scripting (XSS) - Stored in crater-invoice/crater |
| CVE-2021-44792 | 2022-01-27 | Information Leakage via Unauthorized Access in Single Connect |