CVE List - 2022 / January
Showing 1801 - 1900 of 1988 CVEs for January 2022 (Page 19 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-22294 | 2022-01-28 | A SQL injection vulnerability exists in ZFAKA<=1.43 which an attacker can use to complete SQL injection in the foreground and add a background administrator account. |
| CVE-2021-41609 | 2022-01-28 | SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind... |
| CVE-2021-41608 | 2022-01-28 | A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID... |
| CVE-2022-22868 | 2022-01-28 | Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters. |
| CVE-2021-44971 | 2022-01-28 | Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi, AC5V1.0 Firmware V15.03.06.48_multi and so on. An attacker can obtain sensitive information, and even combine it with authenticated... |
| CVE-2022-22938 | 2022-01-28 | VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font... |
| CVE-2021-40388 | 2022-01-28 | A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can... |
| CVE-2021-40389 | 2022-01-28 | A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An... |
| CVE-2021-40396 | 2022-01-28 | A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker... |
| CVE-2021-40397 | 2022-01-28 | A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An... |
| CVE-2022-22993 | 2022-01-28 | Limited Server-Side Request Forgery vulnerability on Western Digital My Cloud devices. |
| CVE-2022-23727 | 2022-01-28 | There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause... |
| CVE-2021-27654 | 2022-01-28 | Forgotten password reset functionality for local accounts can be used to bypass local authentication checks. |
| CVE-2021-22724 | 2022-01-28 | A CWE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted... |
| CVE-2021-22725 | 2022-01-28 | A CWE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted... |
| CVE-2021-22818 | 2022-01-28 | A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks.... |
| CVE-2021-22819 | 2022-01-28 | A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use... |
| CVE-2021-22820 | 2022-01-28 | A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the... |
| CVE-2021-22821 | 2022-01-28 | A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the... |
| CVE-2021-22822 | 2022-01-28 | A CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry... |
| CVE-2021-22826 | 2022-01-28 | A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected... |
| CVE-2021-22827 | 2022-01-28 | A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected... |
| CVE-2021-22825 | 2022-01-28 | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on... |
| CVE-2021-22816 | 2022-01-28 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and... |
| CVE-2021-22799 | 2022-01-28 | A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from... |
| CVE-2021-22807 | 2022-01-28 | A CWE-787: Out-of-bounds Write vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric... |
| CVE-2021-22808 | 2022-01-28 | A CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider... |
| CVE-2021-22809 | 2022-01-28 | A CWE-125: Out-of-Bounds Read vulnerability exists that could cause unintended data disclosure when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon... |
| CVE-2021-22810 | 2022-01-28 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically... |
| CVE-2021-22811 | 2022-01-28 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web... |
| CVE-2021-22812 | 2022-01-28 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically... |
| CVE-2021-22813 | 2022-01-28 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically... |
| CVE-2021-22814 | 2022-01-28 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists which could cause arbitrary script execution when a malicious file is read and displayed. Affected Products:... |
| CVE-2021-22815 | 2022-01-28 | A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500... |
| CVE-2021-26264 | 2022-01-28 | Emerson DeltaV Missing Authentication for Critical Function |
| CVE-2021-44463 | 2022-01-28 | Emerson DeltaV Uncontrolled Search Path Element |
| CVE-2022-22790 | 2022-01-28 | SYNEL - eharmony Directory Traversal |
| CVE-2022-22791 | 2022-01-28 | SYNEL - eharmony Authenticated Blind & Stored XSS |
| CVE-2021-23174 | 2022-01-28 | WordPress Download Monitor plugin <= 4.4.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-23863 | 2022-01-28 | HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3. or earlier, when successfully exploited allows an attacker to inject random HTML code into a component loaded by... |
| CVE-2021-31567 | 2022-01-28 | WordPress Download Monitor plugin <= 4.4.6 - Authenticated Arbitrary File Download vulnerability |
| CVE-2022-23979 | 2022-01-28 | WordPress Ultimate Reviews plugin <= 3.0.15 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-40338 | 2022-01-28 | OWASP Related Vulnerabilities in Hitachi Energy’s LinkOne Product |
| CVE-2021-40339 | 2022-01-28 | OWASP Related Vulnerabilities in Hitachi Energy’s LinkOne Product |
| CVE-2021-40340 | 2022-01-28 | OWASP Related Vulnerabilities in Hitachi Energy’s LinkOne Product |
| CVE-2022-23456 | 2022-01-28 | Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software. |
| CVE-2022-21236 | 2022-01-28 | An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker... |
| CVE-2021-40423 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An... |
| CVE-2022-21796 | 2022-01-28 | A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP... |
| CVE-2022-21801 | 2022-01-28 | A denial of service vulnerability exists in the netserver recv_command functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious... |
| CVE-2022-21199 | 2022-01-28 | An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can... |
| CVE-2022-21134 | 2022-01-28 | A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence... |
| CVE-2021-40404 | 2022-01-28 | An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request... |
| CVE-2021-40419 | 2022-01-28 | A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a... |
| CVE-2021-40406 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi session creation functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to prevent users from logging in. An attacker... |
| CVE-2022-21217 | 2022-01-28 | An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP... |
| CVE-2021-40413 | 2022-01-28 | An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version... |
| CVE-2021-40414 | 2022-01-28 | An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity... |
| CVE-2021-40415 | 2022-01-28 | An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API does not have a specific case, the user permission will... |
| CVE-2021-40416 | 2022-01-28 | An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any... |
| CVE-2021-40407 | 2022-01-28 | An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the... |
| CVE-2021-40408 | 2022-01-28 | An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->username variable, that has the... |
| CVE-2021-40409 | 2022-01-28 | An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->password variable, that has the... |
| CVE-2021-40410 | 2022-01-28 | An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [4] the dns_data->dns1 variable, that has the value of the dns1 parameter provided... |
| CVE-2021-40411 | 2022-01-28 | An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [6] the dns_data->dns2 variable, that has the value of the dns2 parameter provided... |
| CVE-2021-40412 | 2022-01-28 | An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [8] the devname variable, that has the value of the name parameter provided through... |
| CVE-2022-22992 | 2022-01-28 | Command Injection Remote Code Execution vulnerability on Western Digital My Cloud devices. |
| CVE-2022-22994 | 2022-01-28 | Insufficient Verification of Data Authenticity Remote Code Execution Vulnerability on Western Digital My Cloud devices. |
| CVE-2022-23887 | 2022-01-28 | YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete. |
| CVE-2022-23888 | 2022-01-28 | YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /yzmcms/comment/index/init.html. |
| CVE-2022-23889 | 2022-01-28 | The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments. |
| CVE-2021-4160 | 2022-01-28 | BN_mod_exp may produce incorrect results on MIPS |
| CVE-2022-0352 | 2022-01-28 | Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web |
| CVE-2021-46444 | 2022-01-28 | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID. |
| CVE-2021-46445 | 2022-01-28 | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?box_group_id. |
| CVE-2021-46446 | 2022-01-28 | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID. |
| CVE-2021-46447 | 2022-01-28 | A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under... |
| CVE-2021-46448 | 2022-01-28 | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/customers.php?page=1&cID. |
| CVE-2022-0393 | 2022-01-28 | Out-of-bounds Read in vim/vim |
| CVE-2021-23484 | 2022-01-28 | Arbitrary File Write via Archive Extraction (Zip Slip) |
| CVE-2021-23760 | 2022-01-28 | Prototype Pollution |
| CVE-2022-0395 | 2022-01-28 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat |
| CVE-2021-23558 | 2022-01-28 | Prototype Pollution |
| CVE-2021-44358 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetRec param is not... |
| CVE-2021-44359 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCrop param is not... |
| CVE-2021-44360 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNorm param is not... |
| CVE-2021-44361 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Set3G param is not... |
| CVE-2021-44362 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCloudSchedule param is not... |
| CVE-2021-44363 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPush param is not... |
| CVE-2021-44364 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetWifi param is not... |
| CVE-2021-44365 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetDevName param is not... |
| CVE-2021-44367 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetUpnp param is not... |
| CVE-2021-44368 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNetPort param is not... |
| CVE-2021-44369 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNtp param is not... |
| CVE-2021-44370 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetFtp param is not... |
| CVE-2021-44371 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEmail param is not... |
| CVE-2021-44372 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetLocalLink param is not... |
| CVE-2021-44373 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoFocus param is not... |
| CVE-2021-44374 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetMask param is not... |
| CVE-2021-44376 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetIsp param is not... |