CVE List - 2022 / January
Showing 201 - 300 of 1988 CVEs for January 2022 (Page 3 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-45971 | 2022-01-05 | An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists... |
| CVE-2020-23986 | 2022-01-05 | Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the function renderError. |
| CVE-2020-27428 | 2022-01-05 | A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file. |
| CVE-2021-46039 | 2022-01-06 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the shift_chunk_offsets.part function, which causes a Denial of Service (context-dependent). |
| CVE-2021-46040 | 2022-01-06 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets function, which causes a Denial of Service (context-dependent). |
| CVE-2021-46041 | 2022-01-06 | A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes a Denial of Service. |
| CVE-2021-46042 | 2022-01-06 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a Denial of Service. |
| CVE-2021-46043 | 2022-01-06 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 in the gf_list_count function, which causes a Denial of Service. |
| CVE-2021-46044 | 2022-01-06 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent). |
| CVE-2021-43947 | 2022-01-06 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates... |
| CVE-2022-0121 | 2022-01-06 | Cross-site Scripting in hoppscotch/hoppscotch |
| CVE-2021-46143 | 2022-01-06 | In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. |
| CVE-2021-46142 | 2022-01-06 | An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax. |
| CVE-2021-46141 | 2022-01-06 | An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner. |
| CVE-2021-46144 | 2022-01-06 | Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences. |
| CVE-2022-22704 | 2022-01-06 | The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration. |
| CVE-2022-0122 | 2022-01-06 | Open Redirect in digitalbazaar/forge |
| CVE-2021-46145 | 2022-01-06 | The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is related to a non-expiring rolling code and counter resynchronization. |
| CVE-2022-22707 | 2022-01-06 | In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash)... |
| CVE-2021-36737 | 2022-01-06 | XSS in V3 Demo Portlet |
| CVE-2021-36738 | 2022-01-06 | XSS vulnerability in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet |
| CVE-2021-36739 | 2022-01-06 | XSS vulnerability in the MVCBean JSP portlet maven archetype |
| CVE-2021-44351 | 2022-01-06 | An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter. |
| CVE-2021-44564 | 2022-01-06 | A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and... |
| CVE-2021-44584 | 2022-01-06 | Cross-site scripting (XSS) vulnerability in index.php in emlog version <= pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| CVE-2021-27738 | 2022-01-06 | Improper Access Control to Streaming Coordinator & SSRF |
| CVE-2021-31522 | 2022-01-06 | Apache Kylin unsafe class loading |
| CVE-2021-36774 | 2022-01-06 | Mysql JDBC Connector Deserialize RCE |
| CVE-2021-45456 | 2022-01-06 | Command injection |
| CVE-2021-45457 | 2022-01-06 | Overly broad CORS configuration |
| CVE-2021-45458 | 2022-01-06 | Hardcoded credentials |
| CVE-2021-44878 | 2022-01-06 | If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or... |
| CVE-2021-44590 | 2022-01-06 | In libming 0.4.8, a memory exhaustion vulnerability exists in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits... |
| CVE-2021-44591 | 2022-01-06 | In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that would lead to denial-of-service attacks via a crafted SWF file. |
| CVE-2021-46080 | 2022-01-06 | A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. A successful CSRF attack leads to a Stored Cross Site Scripting Vulnerability. |
| CVE-2021-46076 | 2022-01-06 | Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious php file in multiple endpoints, leading to Code Execution. |
| CVE-2021-46075 | 2022-01-06 | A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations. |
| CVE-2021-46074 | 2022-01-06 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel. |
| CVE-2021-46073 | 2022-01-06 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel. |
| CVE-2021-46072 | 2022-01-06 | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel. |
| CVE-2021-46071 | 2022-01-06 | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel. |
| CVE-2021-46070 | 2022-01-06 | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel. |
| CVE-2021-46069 | 2022-01-06 | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel. |
| CVE-2021-45744 | 2022-01-06 | A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel. |
| CVE-2021-45745 | 2022-01-06 | A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel. |
| CVE-2021-46067 | 2022-01-06 | In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover. |
| CVE-2021-46068 | 2022-01-06 | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel. |
| CVE-2021-46078 | 2022-01-06 | An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability. |
| CVE-2021-46079 | 2022-01-06 | An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to HTML Injection. |
| CVE-2022-0128 | 2022-01-06 | Out-of-bounds Read in vim/vim |
| CVE-2021-28714 | 2022-01-06 | Guest can force Linux netback driver to hog large amounts of kernel memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]... |
| CVE-2021-28715 | 2022-01-06 | Guest can force Linux netback driver to hog large amounts of kernel memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]... |
| CVE-2021-4194 | 2022-01-06 | Improper Access Control in bookstackapp/bookstack |
| CVE-2021-43045 | 2022-01-06 | Possible DOS vulnerabilities in C# Avro SDK |
| CVE-2021-42841 | 2022-01-06 | Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to... |
| CVE-2022-21661 | 2022-01-06 | SQL injection in WordPress |
| CVE-2022-21664 | 2022-01-06 | SQL injection in WordPress |
| CVE-2022-21663 | 2022-01-06 | Authenticated Object Injection in Multisites in WordPress |
| CVE-2022-21662 | 2022-01-06 | Stored XSS in WordPress |
| CVE-2021-42392 | 2022-01-07 | The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and... |
| CVE-2021-44528 | 2022-01-07 | An open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft an "X-Forwarded-Host" header in combination with certain "allowed host" formats can cause the... |
| CVE-2021-46045 | 2022-01-07 | GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent). |
| CVE-2021-46046 | 2022-01-07 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 in the gf_isom_box_size function, which could cause a Denial of Service (context-dependent). |
| CVE-2021-46047 | 2022-01-07 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function. |
| CVE-2021-46049 | 2022-01-07 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which could cause a Denial of Service. |
| CVE-2021-46051 | 2022-01-07 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Service. |
| CVE-2022-22815 | 2022-01-07 | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. |
| CVE-2022-22816 | 2022-01-07 | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. |
| CVE-2022-22817 | 2022-01-07 | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used. |
| CVE-2021-22569 | 2022-01-07 | Denial of Service of protobuf-java parsing procedure |
| CVE-2021-25743 | 2022-01-07 | ANSI escape characters in kubectl output are not being filtered |
| CVE-2021-38674 | 2022-01-07 | Reflected XSS Vulnerability in TFTP |
| CVE-2021-20046 | 2022-01-07 | A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the... |
| CVE-2021-20048 | 2022-01-07 | A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the... |
| CVE-2020-9057 | 2022-01-07 | Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial... |
| CVE-2020-9058 | 2022-01-07 | Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201... |
| CVE-2020-9059 | 2022-01-07 | Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42... |
| CVE-2020-9060 | 2022-01-07 | Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03,... |
| CVE-2020-9061 | 2022-01-07 | Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95,... |
| CVE-2021-46146 | 2022-01-07 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media... |
| CVE-2021-46150 | 2022-01-07 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in... |
| CVE-2021-46149 | 2022-01-07 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long... |
| CVE-2021-46148 | 2022-01-07 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election... |
| CVE-2021-46147 | 2022-01-07 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF. |
| CVE-2020-29050 | 2022-01-07 | SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full... |
| CVE-2022-0132 | 2022-01-07 | Server-Side Request Forgery (SSRF) in chocobozzz/peertube |
| CVE-2022-0133 | 2022-01-07 | Improper Access Control in chocobozzz/peertube |
| CVE-2022-21667 | 2022-01-07 | Denial of Service in soketi |
| CVE-2021-38894 | 2022-01-07 | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could... |
| CVE-2021-38895 | 2022-01-07 | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2021-38921 | 2022-01-07 | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067. |
| CVE-2021-38956 | 2022-01-07 | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038 |
| CVE-2021-38957 | 2022-01-07 | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040. |
| CVE-2021-38990 | 2022-01-07 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID:... |
| CVE-2021-42749 | 2022-01-07 | In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that... |
| CVE-2021-42748 | 2022-01-07 | In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API. |
| CVE-2021-23594 | 2022-01-07 | Sandbox Bypass |
| CVE-2021-23568 | 2022-01-07 | Prototype Pollution |
| CVE-2021-23543 | 2022-01-07 | Sandbox Bypass |
| CVE-2022-22701 | 2022-01-07 | PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local... |