CVE List - 2022 / January
Showing 101 - 200 of 1988 CVEs for January 2022 (Page 2 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-39984 | 2022-01-03 | Huawei idap module has an Out-of-bounds Read vulnerability. Successful exploitation of this vulnerability may cause Denial of Service. |
| CVE-2021-39985 | 2022-01-03 | The HwNearbyMain module has an Improper Validation of Array Index vulnerability. Successful exploitation of this vulnerability may cause a process to restart. |
| CVE-2021-39987 | 2022-01-03 | The HwNearbyMain module has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause a process to restart. |
| CVE-2021-39988 | 2022-01-03 | The HwNearbyMain module has a NULL Pointer Dereference vulnerability. Successful exploitation of this vulnerability may cause a process to restart. |
| CVE-2021-39989 | 2022-01-03 | The HwNearbyMain module has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause a process to restart. |
| CVE-2021-39990 | 2022-01-03 | The screen lock module has a Stack-based Buffer Overflow vulnerability. Successful exploitation of this vulnerability may affect user experience. |
| CVE-2021-37133 | 2022-01-03 | There is an Unauthorized file access vulnerability in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-39966 | 2022-01-03 | There is an Uninitialized AOD driver structure in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-39967 | 2022-01-03 | There is a Vulnerability of obtaining broadcast information improperly due to improper broadcast permission settings in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-39969 | 2022-01-03 | There is an Unauthorized file access vulnerability in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-39973 | 2022-01-03 | There is a Null pointer dereference in Smartphones. Successful exploitation of this vulnerability may cause the kernel to break down. |
| CVE-2021-37110 | 2022-01-03 | There is a Timing design defect in Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-39974 | 2022-01-03 | There is an Out-of-bounds read in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-38576 | 2022-01-03 | A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well... |
| CVE-2021-45829 | 2022-01-03 | HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service. |
| CVE-2021-41141 | 2022-01-04 | Missing release of locks in PJSIP |
| CVE-2021-43942 | 2022-01-04 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (XSS) vulnerability in the /rest/collectors/1.0/template/custom endpoint. To... |
| CVE-2021-20868 | 2022-01-04 | Incorrect authorization vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i... |
| CVE-2021-20869 | 2022-01-04 | Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub... |
| CVE-2021-20870 | 2022-01-04 | Improper handling of exceptional conditions vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and... |
| CVE-2021-20871 | 2022-01-04 | Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub... |
| CVE-2021-20872 | 2022-01-04 | Protection mechanism failure vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub... |
| CVE-2022-0083 | 2022-01-04 | Generation of Error Message Containing Sensitive Information in livehelperchat/livehelperchat |
| CVE-2021-34797 | 2022-01-04 | Apache Geode project log file redaction of sensitive information vulnerability |
| CVE-2021-38542 | 2022-01-04 | Apache James vulnerable to STARTTLS command injection (IMAP and POP3) |
| CVE-2021-40110 | 2022-01-04 | Apache James IMAP vulnerable to a ReDoS |
| CVE-2021-40111 | 2022-01-04 | Apache James IMAP parsing Denial Of Service |
| CVE-2021-40525 | 2022-01-04 | Sieve file storage vulnerable to path traversal attacks |
| CVE-2021-31833 | 2022-01-04 | Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by... |
| CVE-2021-44168 | 2022-01-04 | A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the... |
| CVE-2021-43711 | 2022-01-04 | The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution. |
| CVE-2021-45913 | 2022-01-04 | A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel. |
| CVE-2021-45978 | 2022-01-04 | Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API. |
| CVE-2021-45979 | 2022-01-04 | Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API. |
| CVE-2021-45980 | 2022-01-04 | Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API. |
| CVE-2021-3842 | 2022-01-04 | Inefficient Regular Expression Complexity in nltk/nltk |
| CVE-2021-45912 | 2022-01-04 | An unauthenticated Named Pipe channel in ControlUp Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method. |
| CVE-2021-45389 | 2022-01-04 | A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects... |
| CVE-2021-40148 | 2022-01-04 | In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2021-41789 | 2022-01-04 | In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional... |
| CVE-2022-20012 | 2022-01-04 | In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2022-20013 | 2022-01-04 | In vow driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-20014 | 2022-01-04 | In vow driver, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-20015 | 2022-01-04 | In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed... |
| CVE-2022-20016 | 2022-01-04 | In vow driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2022-20018 | 2022-01-04 | In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed... |
| CVE-2022-20019 | 2022-01-04 | In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2022-20020 | 2022-01-04 | In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2022-20021 | 2022-01-04 | In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the reception of multiple LMP_host_connection_req. This could lead to remote denial of service of bluetooth... |
| CVE-2022-20022 | 2022-01-04 | In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected... |
| CVE-2022-20023 | 2022-01-04 | In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional... |
| CVE-2021-3845 | 2022-01-04 | External Control of File Name or Path in netristv/ws-scrcpy |
| CVE-2022-0086 | 2022-01-04 | Server-Side Request Forgery (SSRF) in transloadit/uppy |
| CVE-2021-39143 | 2022-01-04 | Path Traversal in spinnaker |
| CVE-2021-24042 | 2022-01-04 | The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230,... |
| CVE-2021-41236 | 2022-01-04 | XSS vulnerability in oro/platform |
| CVE-2021-43677 | 2022-01-04 | Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability. |
| CVE-2021-43832 | 2022-01-04 | Improper Access Control in spinnaker |
| CVE-2021-43850 | 2022-01-04 | Denial of Service in discourse |
| CVE-2021-43852 | 2022-01-04 | JavaScript Prototype Pollution in oro/platform |
| CVE-2022-21643 | 2022-01-04 | SQL Injection in USOC |
| CVE-2022-21644 | 2022-01-04 | SQL Injection via search in USOC |
| CVE-2022-21647 | 2022-01-04 | Deserialization of Untrusted Data in Codeigniter4 |
| CVE-2022-21648 | 2022-01-04 | Sandbox bypass in Latte templates |
| CVE-2022-21650 | 2022-01-04 | Stored XSS via html file upload in convos |
| CVE-2022-21649 | 2022-01-04 | Stored XSS via attribute in convos |
| CVE-2021-41388 | 2022-01-04 | Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting... |
| CVE-2021-22045 | 2022-01-04 | VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access... |
| CVE-2021-45452 | 2022-01-04 | Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. |
| CVE-2021-45116 | 2022-01-04 | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter... |
| CVE-2021-45115 | 2022-01-04 | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in... |
| CVE-2021-45831 | 2022-01-05 | A Null Pointer Dereference vulnerability exists in GPAC 1.0.1 in MP4Box via __strlen_avx2, which causes a Denial of Service. |
| CVE-2021-46038 | 2022-01-05 | A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chunk.isra, which causes a Denial of Service (context-dependent). |
| CVE-2021-43946 | 2022-01-05 | Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint.... |
| CVE-2021-22567 | 2022-01-05 | Bidirectional Override in Dart SDK |
| CVE-2021-31589 | 2022-01-05 | A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests... |
| CVE-2020-15933 | 2022-01-05 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below, FortiMail versions 6.4.1 and 6.4.0 allows attacker to obtain... |
| CVE-2021-41043 | 2022-01-05 | Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact. |
| CVE-2022-22107 | 2022-01-05 | DayByDay CRM - Missing Authorization when Viewing Appointments |
| CVE-2022-22108 | 2022-01-05 | DayByDay CRM - Missing Authorization when Viewing Absences |
| CVE-2022-22109 | 2022-01-05 | DayByDay CRM - Stored Cross-Site Scripting (XSS) in Task Title |
| CVE-2022-22110 | 2022-01-05 | DayByDay CRM - Weak Password Requirements in Update User |
| CVE-2022-22111 | 2022-01-05 | DayByDay CRM - Missing Authorization when Changing Password |
| CVE-2021-28711 | 2022-01-05 | Rogue backends can cause DoS of guests via high frequency events [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers... |
| CVE-2021-28712 | 2022-01-05 | Rogue backends can cause DoS of guests via high frequency events [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers... |
| CVE-2021-28713 | 2022-01-05 | Rogue backends can cause DoS of guests via high frequency events [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers... |
| CVE-2021-38918 | 2022-01-05 | IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID:... |
| CVE-2021-43779 | 2022-01-05 | Remote Command Execution vulnerability |
| CVE-2021-43816 | 2022-01-05 | Improper Preservation of Permissions in containerd |
| CVE-2022-21642 | 2022-01-05 | Exposure of whisper participants in discourse |
| CVE-2022-21651 | 2022-01-05 | Open redirect in shopware |
| CVE-2022-21652 | 2022-01-05 | Insufficient Session Expiration in shopware |
| CVE-2021-45830 | 2022-01-05 | A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service. |
| CVE-2021-45832 | 2022-01-05 | A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent). |
| CVE-2021-45833 | 2022-01-05 | A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent). |
| CVE-2022-21653 | 2022-01-05 | Hash collision in typelevel jawn |
| CVE-2020-5956 | 2022-01-05 | An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted... |
| CVE-2021-45970 | 2022-01-05 | An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists... |
| CVE-2021-45969 | 2022-01-05 | An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists... |
| CVE-2021-41842 | 2022-01-05 | An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde... |