CVE List - 2022 / January
Showing 1901 - 1988 of 1988 CVEs for January 2022 (Page 20 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-44377 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetImage param is not... |
| CVE-2021-44378 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEnc param is not... |
| CVE-2021-44379 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoMaint param is not... |
| CVE-2021-44380 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetTime param is not... |
| CVE-2021-44381 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPowerLed param is not... |
| CVE-2021-44382 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetIrLights param is not object.... |
| CVE-2021-44383 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoUpgrade param is not... |
| CVE-2021-44384 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzTattern param is not... |
| CVE-2021-44385 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzSerial param is not... |
| CVE-2021-44386 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPatrol param is not... |
| CVE-2021-44387 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPreset param is not... |
| CVE-2021-44388 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Login param is not... |
| CVE-2021-44389 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAbility param is not... |
| CVE-2021-44390 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Format param is not... |
| CVE-2021-44391 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetEnc param is not... |
| CVE-2021-44392 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetImage param is not... |
| CVE-2021-44393 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetIsp param is not... |
| CVE-2021-44395 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMask param is not... |
| CVE-2021-44396 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Preview param is not... |
| CVE-2021-44397 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. rtmp=start param is not... |
| CVE-2021-44398 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. rtmp=stop param is not... |
| CVE-2021-44399 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPreset param is not... |
| CVE-2021-44400 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPatrol param is not... |
| CVE-2021-44401 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. PtzCtrl param is not... |
| CVE-2021-44402 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzSerial param is not... |
| CVE-2021-44403 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzTattern param is not... |
| CVE-2021-44408 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestFtp param is not... |
| CVE-2021-44409 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestWifi param is not... |
| CVE-2021-44410 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. UpgradePrepare param is not... |
| CVE-2021-44411 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Search param is not... |
| CVE-2021-44404 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetZoomFocus param is not... |
| CVE-2021-44405 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. StartZoomFocus param is not... |
| CVE-2021-44406 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAutoFocus param is not... |
| CVE-2021-44407 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestEmail param is not... |
| CVE-2021-44412 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetRec param is not... |
| CVE-2021-44413 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. AddUser param is not... |
| CVE-2021-44414 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. DelUser param is not... |
| CVE-2021-44415 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. ModifyUser param is not... |
| CVE-2021-44416 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Disconnect param is not... |
| CVE-2021-44417 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAlarm param is not... |
| CVE-2021-44418 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdState param is not... |
| CVE-2021-44419 | 2022-01-28 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not... |
| CVE-2022-23599 | 2022-01-28 | Cross-site Scripting and Open Redirect in Products.ATContentTypes |
| CVE-2022-23598 | 2022-01-28 | Reflected XSS vulnerability when rendering error messages in laminas-form |
| CVE-2022-21721 | 2022-01-28 | DOS Vulnerability in next.js |
| CVE-2022-24122 | 2022-01-29 | kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace. |
| CVE-2021-46659 | 2022-01-29 | MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. |
| CVE-2021-46658 | 2022-01-29 | save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. |
| CVE-2021-46657 | 2022-01-29 | get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. |
| CVE-2022-24124 | 2022-01-29 | The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations. |
| CVE-2022-24123 | 2022-01-29 | MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting... |
| CVE-2021-46660 | 2022-01-29 | Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks. |
| CVE-2022-0408 | 2022-01-30 | Stack-based Buffer Overflow in vim/vim |
| CVE-2022-0413 | 2022-01-30 | Use After Free in vim/vim |
| CVE-2022-24032 | 2022-01-30 | Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enumeration. An attacker can identify valid usernames on the platform because a failed login attempt produces a different error message when... |
| CVE-2022-22919 | 2022-01-30 | Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SSO login URLs. |
| CVE-2022-0339 | 2022-01-30 | Server-Side Request Forgery (SSRF) in janeczku/calibre-web |
| CVE-2022-0273 | 2022-01-30 | Improper Access Control in janeczku/calibre-web |
| CVE-2022-0407 | 2022-01-30 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-0414 | 2022-01-31 | Improper Validation of Specified Quantity in Input in dolibarr/dolibarr |
| CVE-2022-24130 | 2022-01-31 | xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. |
| CVE-2022-23409 | 2022-01-31 | The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php. |
| CVE-2021-27971 | 2022-01-31 | Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection. |
| CVE-2021-34805 | 2022-01-31 | An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal. |
| CVE-2021-45079 | 2022-01-31 | In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and... |
| CVE-2021-23521 | 2022-01-31 | Link Following |
| CVE-2021-23520 | 2022-01-31 | Arbitrary File Write via Archive Extraction (Zip Slip) |
| CVE-2021-44255 | 2022-01-31 | Authenticated remote code execution in MotionEye <= 0.42.1 and MotionEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious Python pickle file which will... |
| CVE-2021-46101 | 2022-01-31 | In Git for Windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly. |
| CVE-2020-36064 | 2022-01-31 | Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised. |
| CVE-2020-36056 | 2022-01-31 | Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_55 was discovered to contain a cross-site scripting (XSS) vulnerability via the Ping diagnostic option. |
| CVE-2021-28962 | 2022-01-31 | Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. |
| CVE-2021-31617 | 2022-01-31 | In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to... |
| CVE-2021-46458 | 2022-01-31 | Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter. |
| CVE-2022-0286 | 2022-01-31 | A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. |
| CVE-2021-40042 | 2022-01-31 | There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine... |
| CVE-2021-40033 | 2022-01-31 | There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure.... |
| CVE-2021-44114 | 2022-01-31 | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user function. |
| CVE-2021-42631 | 2022-01-31 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserialize attacker-controlled data, leading to pre-auth remote code execution. |
| CVE-2021-42635 | 2022-01-31 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution. |
| CVE-2021-46459 | 2022-01-31 | Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname, user_lastname, or... |
| CVE-2022-21659 | 2022-01-31 | Observable Response Discrepancy in Flask-AppBuilder |
| CVE-2022-23872 | 2022-01-31 | Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info. |
| CVE-2022-24263 | 2022-01-31 | Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter. |
| CVE-2022-24264 | 2022-01-31 | Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter. |
| CVE-2022-24265 | 2022-01-31 | Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter. |
| CVE-2022-24266 | 2022-01-31 | Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter. |
| CVE-2021-25097 | 2022-02-01 | LabTools <= 1.0 - Subscriber+ Arbitrary Publication Deletion |
| CVE-2022-24196 | 2022-02-01 | iText v7.1.17, up to (excluding) 7.1.18 and 7.2.2, was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2022-24197 | 2022-02-01 | iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. |
| CVE-2022-24198 | 2022-02-01 | iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor... |
| CVE-2022-0417 | 2022-02-01 | Heap-based Buffer Overflow in vim/vim |
| CVE-2021-46669 | 2022-02-01 | MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. |
| CVE-2021-46668 | 2022-02-01 | MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. |
| CVE-2021-46667 | 2022-02-01 | MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. |
| CVE-2021-46666 | 2022-02-01 | MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. |
| CVE-2021-46665 | 2022-02-01 | MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. |
| CVE-2021-46664 | 2022-02-01 | MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. |
| CVE-2021-46663 | 2022-02-01 | MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. |
| CVE-2021-46662 | 2022-02-01 | MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. |