Weekly Vulnerabilities Reports > January 10 to 16, 2022

Overview

697 new vulnerabilities reported during this period, including 43 critical vulnerabilities and 124 high severity vulnerabilities. This weekly summary report vulnerabilities in 678 products from 183 vendors including Microsoft, Bentley, Adobe, Google, and Gpac. Vulnerabilities are notably categorized as "Out-of-bounds Write", "Improper Privilege Management", "Cross-site Scripting", "Use After Free", and "Out-of-bounds Read".

  • 536 reported vulnerabilities are remotely exploitables.
  • 4 reported vulnerabilities have public exploit available.
  • 134 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 582 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 100 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 14 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

43 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-01-15 CVE-2022-23178 Creston Improper Authentication vulnerability in Creston Hd-Md4X2-4K-E Firmware 1.0.0.2159

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices.

10.0
2022-01-15 CVE-2021-33963 Chinamobileltd Command Injection vulnerability in Chinamobileltd AN Lianbao 2F Firmware-1 1.0.1

China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability.

10.0
2022-01-14 CVE-2021-1049 Google Unspecified vulnerability in Google Android

Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ID: A-204256722

10.0
2022-01-14 CVE-2021-39623 Google Improper Privilege Management vulnerability in Google Android

In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check.

10.0
2022-01-14 CVE-2022-23227 Nuuo Missing Authentication for Critical Function vulnerability in Nuuo Nvrmini2 Firmware

NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication.

10.0
2022-01-14 CVE-2021-33962 Chinamobileltd OS Command Injection vulnerability in Chinamobileltd AN Lianbao WF Firmware-1 1.0.1

China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component.

10.0
2022-01-14 CVE-2022-22055 LE YAN Dental Management System Project SQL Injection vulnerability in Le-Yan Dental Management System Project Le-Yan Dental Management System 2.8.5

The Le-yan dental management system contains an SQL-injection vulnerability.

10.0
2022-01-14 CVE-2022-22056 LE YAN Dental Management System Project Use of Hard-coded Credentials vulnerability in Le-Yan Dental Management System Project Le-Yan Dental Management System 2.8.5

The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service.

10.0
2022-01-11 CVE-2022-21874 Microsoft Code Injection vulnerability in Microsoft products

Windows Security Center API Remote Code Execution Vulnerability.

10.0
2022-01-11 CVE-2022-21898 Microsoft Unspecified vulnerability in Microsoft Windows 10, Windows Server and Windows Server 2019

DirectX Graphics Kernel Remote Code Execution Vulnerability.

10.0
2022-01-11 CVE-2022-21907 Microsoft Unspecified vulnerability in Microsoft products

HTTP Protocol Stack Remote Code Execution Vulnerability.

10.0
2022-01-10 CVE-2021-42392 H2Database
Debian
Deserialization of Untrusted Data vulnerability in multiple products

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database.

10.0
2022-01-14 CVE-2021-28506 Arista Incorrect Authorization vulnerability in Arista EOS

An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.

9.4
2022-01-14 CVE-2021-44703 Adobe Out-of-bounds Write vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a stack buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user.

9.3
2022-01-14 CVE-2021-44704 Adobe Use After Free vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user.

9.3
2022-01-14 CVE-2021-44705 Adobe Use After Free vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user.

9.3
2022-01-14 CVE-2021-44706 Adobe Use After Free vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user.

9.3
2022-01-14 CVE-2021-44707 Adobe Out-of-bounds Write vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

9.3
2022-01-14 CVE-2021-44708 Adobe Out-of-bounds Write vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a heap overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user.

9.3
2022-01-14 CVE-2021-44709 Adobe Out-of-bounds Write vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a heap overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user.

9.3
2022-01-14 CVE-2021-44710 Adobe Use After Free vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user.

9.3
2022-01-14 CVE-2021-44711 Adobe Integer Overflow or Wraparound vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user.

9.3
2022-01-14 CVE-2021-44743 Adobe Out-of-bounds Write vulnerability in Adobe Bridge

Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

9.3
2022-01-14 CVE-2021-45060 Adobe Out-of-bounds Read vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

9.3
2022-01-14 CVE-2021-45061 Adobe Out-of-bounds Write vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

9.3
2022-01-14 CVE-2021-45062 Adobe Use After Free vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user.

9.3
2022-01-11 CVE-2022-21841 Microsoft Unspecified vulnerability in Microsoft 365 Apps and Office

Microsoft Excel Remote Code Execution Vulnerability.

9.3
2022-01-11 CVE-2022-21849 Microsoft Unspecified vulnerability in Microsoft products

Windows IKE Extension Remote Code Execution Vulnerability.

9.3
2022-01-11 CVE-2022-21850 Microsoft Unspecified vulnerability in Microsoft products

Remote Desktop Client Remote Code Execution Vulnerability.

9.3
2022-01-11 CVE-2022-21851 Microsoft Unspecified vulnerability in Microsoft products

Remote Desktop Client Remote Code Execution Vulnerability.

9.3
2022-01-11 CVE-2022-21878 Microsoft Code Injection vulnerability in Microsoft products

Windows Geolocation Service Remote Code Execution Vulnerability.

9.3
2022-01-11 CVE-2022-21888 Microsoft Unspecified vulnerability in Microsoft products

Windows Modern Execution Server Remote Code Execution Vulnerability.

9.3
2022-01-11 CVE-2022-21917 Microsoft Out-of-bounds Write vulnerability in Microsoft Hevc Video Extensions

HEVC Video Extensions Remote Code Execution Vulnerability.

9.3
2022-01-10 CVE-2022-21668 Pypa
Fedoraproject
Incomplete Filtering of Special Elements vulnerability in multiple products

pipenv is a Python development workflow tool.

9.3
2022-01-10 CVE-2021-23154 Mirantis OS Command Injection vulnerability in Mirantis Lens

In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell.

9.3
2022-01-15 CVE-2021-33827 Owncloud OS Command Injection vulnerability in Owncloud Files Antivirus

The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings.

9.0
2022-01-13 CVE-2021-34996 Commvault Unspecified vulnerability in Commvault Commcell 11.22.22

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22.

9.0
2022-01-12 CVE-2022-23118 Jenkins Improper Privilege Management vulnerability in Jenkins Debian Package Builder

Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller.

9.0
2022-01-12 CVE-2021-42561 Mitre Argument Injection or Modification vulnerability in Mitre Caldera

An issue was discovered in CALDERA 2.8.1.

9.0
2022-01-11 CVE-2022-21837 Microsoft Code Injection vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Remote Code Execution Vulnerability.

9.0
2022-01-11 CVE-2022-21857 Microsoft Improper Privilege Management vulnerability in Microsoft products

Active Directory Domain Services Elevation of Privilege Vulnerability.

9.0
2022-01-11 CVE-2022-21920 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Kerberos Elevation of Privilege Vulnerability.

9.0
2022-01-11 CVE-2022-21922 Microsoft Unspecified vulnerability in Microsoft products

Remote Procedure Call Runtime Remote Code Execution Vulnerability.

9.0

124 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-01-10 CVE-2021-32998 Fanuc Out-of-bounds Write vulnerability in Fanuc products

The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.

8.8
2022-01-14 CVE-2022-20658 Cisco Incorrect Resource Transfer Between Spheres vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator.

8.5
2022-01-11 CVE-2022-21893 Microsoft Unspecified vulnerability in Microsoft products

Remote Desktop Protocol Remote Code Execution Vulnerability.

8.5
2022-01-11 CVE-2021-45033 Siemens Use of Hard-coded Credentials vulnerability in Siemens products

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20).

8.5
2022-01-13 CVE-2021-34978 Netgear Out-of-bounds Write vulnerability in Netgear R6260 Firmware 1.1.0.781.0.1

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers.

8.3
2022-01-13 CVE-2021-34979 Netgear Classic Buffer Overflow vulnerability in Netgear R6260 Firmware 1.1.0.781.0.1

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers.

8.3
2022-01-13 CVE-2021-34980 Netgear Out-of-bounds Write vulnerability in Netgear R6260 Firmware 1.1.0.781.0.1

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers.

8.3
2022-01-13 CVE-2022-22990 Westerndigital Improper Authentication vulnerability in Westerndigital MY Cloud OS

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices.

8.3
2022-01-13 CVE-2022-22991 Westerndigital Command Injection vulnerability in Westerndigital MY Cloud OS

A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call.

8.3
2022-01-11 CVE-2022-21846 Microsoft Code Injection vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability.

8.3
2022-01-11 CVE-2022-21970 Microsoft Improper Privilege Management vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.

8.3
2022-01-10 CVE-2020-9057 Linear
Silabs
Missing Encryption of Sensitive Data vulnerability in multiple products

Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device.

8.3
2022-01-14 CVE-2021-20612 Mitsubishielectric Use of Hard-coded Credentials vulnerability in Mitsubishielectric products

Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.14 and prior, FX3U-ENET-L Firmware version 1.14 and prior and FX3U-ENET-P502 Firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product or other unspecified effects by sending specially crafted packets to an unnecessary opening of TCP port.

7.8
2022-01-14 CVE-2021-20613 Mitsubishielectric Improper Initialization vulnerability in Mitsubishielectric products

Improper initialization vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.16 and prior, FX3U-ENET-L Firmware version 1.16 and prior and FX3U-ENET-P502 Firmware version 1.16 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product by sending specially crafted packets.

7.8
2022-01-11 CVE-2022-21880 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft products

Windows GDI+ Information Disclosure Vulnerability.

7.8
2022-01-10 CVE-2021-32996 Fanuc Incorrect Conversion between Numeric Types vulnerability in Fanuc products

The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash.

7.8
2022-01-10 CVE-2021-39998 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones.

7.8
2022-01-11 CVE-2022-21855 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability.

7.7
2022-01-11 CVE-2022-21901 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Hyper-V Elevation of Privilege Vulnerability.

7.7
2022-01-11 CVE-2022-21969 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability.

7.7
2022-01-15 CVE-2021-24044 Facebook Type Confusion vulnerability in Facebook Hermes

By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions.

7.5
2022-01-14 CVE-2021-44530 UI Injection vulnerability in UI Unifi Network Controller

An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application.

7.5
2022-01-14 CVE-2022-22530 SAP Unspecified vulnerability in SAP S/4Hana

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files.

7.5
2022-01-14 CVE-2021-45468 Imperva HTTP Request Smuggling vulnerability in Imperva web Application Firewall

Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.

7.5
2022-01-14 CVE-2022-0224 Dolibarr SQL Injection vulnerability in Dolibarr

dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

7.5
2022-01-14 CVE-2022-23218 GNU Classic Buffer Overflow vulnerability in GNU Glibc

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

7.5
2022-01-14 CVE-2022-23219 GNU Classic Buffer Overflow vulnerability in GNU Glibc

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

7.5
2022-01-14 CVE-2021-38682 Qnap Out-of-bounds Write vulnerability in Qnap QVR Elite, QVR Guard and QVR PRO

A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard.

7.5
2022-01-14 CVE-2021-38689 Qnap Out-of-bounds Write vulnerability in Qnap QVR Elite, QVR Guard and QVR PRO

A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard.

7.5
2022-01-14 CVE-2021-38690 Qnap Out-of-bounds Write vulnerability in Qnap QVR Elite, QVR Guard and QVR PRO

A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard.

7.5
2022-01-14 CVE-2021-38691 Qnap Out-of-bounds Write vulnerability in Qnap QVR Elite, QVR Guard and QVR PRO

A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard.

7.5
2022-01-14 CVE-2021-38692 Qnap Out-of-bounds Write vulnerability in Qnap QVR Elite, QVR Guard and QVR PRO

A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard.

7.5
2022-01-13 CVE-2021-34993 Commvault Improper Authentication vulnerability in Commvault Commcell 11.22.22

This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22.

7.5
2022-01-13 CVE-2021-33046 Dahuasecurity Improper Authentication vulnerability in Dahuasecurity products

Some Dahua products have access control vulnerability in the password reset process.

7.5
2022-01-13 CVE-2021-40722 Adobe XXE vulnerability in Adobe Experience Manager

AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.

7.5
2022-01-13 CVE-2022-22989 Westerndigital Out-of-bounds Write vulnerability in Westerndigital MY Cloud OS

My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service.

7.5
2022-01-13 CVE-2021-45807 Jpress Command Injection vulnerability in Jpress 4.2.0

jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall.

7.5
2022-01-13 CVE-2022-22122 Mattermost Insufficient Session Expiration vulnerability in Mattermost Focalboard

In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as used respectively in Mattermost, versions prior to v5.37.6, v5.39.3, v6.0.4, v6.1.1 and v6.2.0, are vulnerable to Insufficient Session Expiration.

7.5
2022-01-13 CVE-2022-23132 Zabbix
Fedoraproject
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder.

7.5
2022-01-12 CVE-2021-38892 IBM Path Traversal vulnerability in IBM Planning Analytics and Planning Analytics Workspace

IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQM API allows submitting of all control requests in unauthenticated sessions.

7.5
2022-01-12 CVE-2021-45411 Printable Staff ID Card Creator System Project Unrestricted Upload of File with Dangerous Type vulnerability in Printable Staff ID Card Creator System Project Printable Staff ID Card Creator System 1.0

In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution.

7.5
2022-01-11 CVE-2020-28102 Chshcms SQL Injection vulnerability in Chshcms Cscms 4.1

cscms v4.1 allows for SQL injection via the "js_del" function.

7.5
2022-01-11 CVE-2020-28103 Chshcms SQL Injection vulnerability in Chshcms Cscms 4.1

cscms v4.1 allows for SQL injection via the "page_del" function.

7.5
2022-01-10 CVE-2021-24949 Posimyth SQL Injection vulnerability in Posimyth the Plus Addons for Elementor

The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection

7.5
2022-01-10 CVE-2021-25032 Publishpress Missing Authorization vulnerability in Publishpress Capabilities

The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin.

7.5
2022-01-10 CVE-2021-43297 Apache Deserialization of Untrusted Data vulnerability in Apache Dubbo

A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution.

7.5
2022-01-10 CVE-2022-22817 Python
Debian
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.
7.5
2022-01-10 CVE-2022-22822 Libexpat Project
Tenable
Integer Overflow or Wraparound vulnerability in multiple products

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

7.5
2022-01-10 CVE-2022-22823 Libexpat Project
Tenable
Integer Overflow or Wraparound vulnerability in multiple products

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

7.5
2022-01-10 CVE-2022-22824 Libexpat Project
Tenable
Integer Overflow or Wraparound vulnerability in multiple products

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

7.5
2022-01-10 CVE-2022-22845 Qxip Use of Hard-coded Credentials vulnerability in Qxip Homer Webapp

QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations.

7.5
2022-01-10 CVE-2021-23543 Agoric Unspecified vulnerability in Agoric Realms-Shim

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.

7.5
2022-01-10 CVE-2021-23568 Eggjs Unspecified vulnerability in Eggjs Extend2 1.0.0

The package extend2 before 1.0.1 are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge.

7.5
2022-01-10 CVE-2021-23594 Agoric Unspecified vulnerability in Agoric Realms-Shim

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.

7.5
2022-01-10 CVE-2021-39993 Huawei Integer Overflow or Wraparound vulnerability in Huawei Emui and Magic UI

There is an Integer overflow vulnerability with ACPU in smartphones.

7.5
2022-01-10 CVE-2021-39996 Huawei Out-of-bounds Write vulnerability in Huawei Emui, Harmonyos and Magic UI

There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones.

7.5
2022-01-10 CVE-2021-40010 Huawei Out-of-bounds Write vulnerability in Huawei Harmonyos

The bone voice ID TA has a heap overflow vulnerability.Successful exploitation of this vulnerability may result in malicious code execution.

7.5
2022-01-10 CVE-2021-45003 Laundry Booking Management System Project Incorrect Default Permissions vulnerability in Laundry Booking Management System Project Laundry Booking Management System 1.0

Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload.

7.5
2022-01-10 CVE-2021-45334 Online Thesis Archiving System Project SQL Injection vulnerability in Online Thesis Archiving System Project Online Thesis Archiving System 1.0

Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection.

7.5
2022-01-14 CVE-2021-0959 Google Improper Privilege Management vulnerability in Google Android 12.0

In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code.

7.2
2022-01-14 CVE-2021-1035 Google Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0/12.0

In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy.

7.2
2022-01-14 CVE-2021-39618 Google Improper Privilege Management vulnerability in Google Android

In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent.

7.2
2022-01-14 CVE-2021-39620 Google Use After Free vulnerability in Google Android 11.0/12.0

In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free.

7.2
2022-01-14 CVE-2021-39621 Google Improper Privilege Management vulnerability in Google Android

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent.

7.2
2022-01-14 CVE-2021-39622 Google Improper Preservation of Permissions vulnerability in Google Android 10.0/11.0/12.0

In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check.

7.2
2022-01-14 CVE-2021-39626 Google Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy.

7.2
2022-01-14 CVE-2021-39627 Google Improper Privilege Management vulnerability in Google Android

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent.

7.2
2022-01-14 CVE-2021-39630 Google Improper Privilege Management vulnerability in Google Android 12.0

In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass.

7.2
2022-01-14 CVE-2021-39632 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0

In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check.

7.2
2022-01-14 CVE-2021-39634 Google Use After Free vulnerability in Google Android

In fs/eventpoll.c, there is a possible use after free.

7.2
2022-01-14 CVE-2021-39678 Google Improper Privilege Management vulnerability in Google Android

In <TBD> of <TBD>, there is a possible bypass of Factory Reset Protection due to <TBD>.

7.2
2022-01-14 CVE-2021-39682 Google Out-of-bounds Write vulnerability in Google Android

In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incorrect bounds check.

7.2
2022-01-14 CVE-2021-39683 Google Out-of-bounds Write vulnerability in Google Android

In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check.

7.2
2022-01-14 CVE-2021-39684 Google Improper Privilege Management vulnerability in Google Android

In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code.

7.2
2022-01-14 CVE-2021-44828 ARM Improper Privilege Management vulnerability in ARM products

Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to achieve write access to read-only memory, and possibly obtain root privileges, corrupt memory, and modify the memory of other processes.

7.2
2022-01-14 CVE-2022-23222 Linux
Debian
Netapp
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.

7.2
2022-01-13 CVE-2021-34998 Watchguard Improper Privilege Management vulnerability in Watchguard Panda Antivirus 18.0

This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Free Antivirus 20.2.0.0.

7.2
2022-01-13 CVE-2021-30308 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overflow while printing the HARQ memory partition detail due to improper validation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

7.2
2022-01-13 CVE-2021-30311 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Possible heap overflow due to lack of index validation before allocating and writing to heap buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

7.2
2022-01-13 CVE-2021-30319 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Possible integer overflow due to improper validation of command length parameters while processing WMI command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

7.2
2022-01-11 CVE-2022-21833 Microsoft Improper Privilege Management vulnerability in Microsoft products

Virtual Machine IDE Drive Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21834 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21835 Microsoft Improper Privilege Management vulnerability in Microsoft products

Microsoft Cryptographic Services Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21836 Microsoft Improper Certificate Validation vulnerability in Microsoft products

Windows Certificate Spoofing Vulnerability.

7.2
2022-01-11 CVE-2022-21838 Microsoft Link Following vulnerability in Microsoft products

Windows Cleanup Manager Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21852 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows DWM Core Library Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21858 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Bind Filter Driver Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21861 Microsoft Improper Privilege Management vulnerability in Microsoft products

Task Flow Data Engine Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21869 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10, Windows Server and Windows Server 2019

Clipboard User Service Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21870 Microsoft Improper Privilege Management vulnerability in Microsoft products

Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21871 Microsoft Improper Privilege Management vulnerability in Microsoft products

Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21872 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Event Tracing Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21873 Microsoft Improper Privilege Management vulnerability in Microsoft products

Tile Data Repository Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21875 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Storage Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21879 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21881 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21882 Microsoft Improper Privilege Management vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21884 Microsoft Improper Privilege Management vulnerability in Microsoft products

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21885 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21887 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 11

Win32k Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21892 Microsoft Unspecified vulnerability in Microsoft products

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability.

7.2
2022-01-11 CVE-2022-21895 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows User Profile Service Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21897 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Common Log File System Driver Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21902 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows DWM Core Library Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21903 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows GDI Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21908 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Installer Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21912 Microsoft Unspecified vulnerability in Microsoft Windows 10, Windows Server and Windows Server 2019

DirectX Graphics Kernel Remote Code Execution Vulnerability.

7.2
2022-01-11 CVE-2022-21914 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21916 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Common Log File System Driver Elevation of Privilege Vulnerability.

7.2
2022-01-11 CVE-2022-21958 Microsoft Unspecified vulnerability in Microsoft products

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability.

7.2
2022-01-11 CVE-2022-21959 Microsoft Unspecified vulnerability in Microsoft products

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability.

7.2
2022-01-11 CVE-2022-21960 Microsoft Unspecified vulnerability in Microsoft products

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability.

7.2
2022-01-11 CVE-2022-21961 Microsoft Unspecified vulnerability in Microsoft products

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability.

7.2
2022-01-11 CVE-2022-21962 Microsoft Unspecified vulnerability in Microsoft products

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability.

7.2
2022-01-11 CVE-2022-21963 Microsoft Unspecified vulnerability in Microsoft products

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability.

7.2
2022-01-11 CVE-2022-0129 Mcafee Uncontrolled Search Path Element vulnerability in Mcafee Techcheck 3.0.0.17

Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user.

7.2
2022-01-10 CVE-2021-30360 Checkpoint Uncontrolled Search Path Element vulnerability in Checkpoint Endpoint Security

Users have access to the directory where the installation repair occurs.

7.2
2022-01-10 CVE-2021-45231 Trendmicro Improper Privilege Management vulnerability in Trendmicro products

A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system.

7.2
2022-01-10 CVE-2021-45440 Trendmicro Improper Privilege Management vulnerability in Trendmicro products

A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges.

7.2
2022-01-10 CVE-2021-45441 Trendmicro Command Injection vulnerability in Trendmicro products

A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges.

7.2
2022-01-11 CVE-2022-21848 Microsoft Resource Exhaustion vulnerability in Microsoft products

Windows IKE Extension Denial of Service Vulnerability.

7.1
2022-01-11 CVE-2022-21883 Microsoft Unspecified vulnerability in Microsoft products

Windows IKE Extension Denial of Service Vulnerability.

7.1
2022-01-11 CVE-2021-1573 Cisco HTTP Request Smuggling vulnerability in Cisco Adaptive Security Appliance

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.

7.1
2022-01-11 CVE-2021-34704 Cisco HTTP Request Smuggling vulnerability in Cisco products

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.

7.1

457 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-01-15 CVE-2021-44049 Cyberark Improper Privilege Management vulnerability in Cyberark Endpoint Privilege Manager

CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.

6.9
2022-01-14 CVE-2021-28500 Arista Incorrect Authorization vulnerability in Arista EOS

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.

6.9
2022-01-14 CVE-2021-28501 Arista Incorrect Authorization vulnerability in Arista Terminattr 1.7.2

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.

6.9
2022-01-14 CVE-2021-39625 Google Improper Privilege Management vulnerability in Google Android

In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent.

6.9
2022-01-14 CVE-2021-39629 Google Use After Free vulnerability in Google Android

In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition.

6.9
2022-01-14 CVE-2021-39679 Google Use After Free vulnerability in Google Android

In init of vendor_graphicbuffer_meta.cpp, there is a possible use after free due to a race condition.

6.9
2022-01-12 CVE-2022-0014 Paloaltonetworks Untrusted Search Path vulnerability in Paloaltonetworks Cortex XDR Agent

An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session.

6.9
2022-01-11 CVE-2022-21859 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Accounts Control Elevation of Privilege Vulnerability.

6.9
2022-01-11 CVE-2022-21862 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Application Model Core API Elevation of Privilege Vulnerability.

6.9
2022-01-11 CVE-2022-21863 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows StateRepository API Server file Elevation of Privilege Vulnerability.

6.9
2022-01-11 CVE-2022-21867 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Push Notifications Apps Elevation Of Privilege Vulnerability.

6.9
2022-01-11 CVE-2022-21868 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Devices Human Interface Elevation of Privilege Vulnerability.

6.9
2022-01-11 CVE-2022-21896 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows DWM Core Library Elevation of Privilege Vulnerability.

6.9
2022-01-11 CVE-2022-21919 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows User Profile Service Elevation of Privilege Vulnerability.

6.9
2022-01-11 CVE-2022-21928 Microsoft Code Injection vulnerability in Microsoft products

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability.

6.9
2022-01-15 CVE-2021-44537 Owncloud Injection vulnerability in Owncloud

ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.

6.8
2022-01-15 CVE-2022-23095 Opendesign Unspecified vulnerability in Opendesign Drawings Software Development KIT 2021.11/2021.12

Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files.

6.8
2022-01-14 CVE-2021-1036 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android

In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack.

6.8
2022-01-14 CVE-2021-23138 WE CON Out-of-bounds Write vulnerability in We-Con Levistudiou

WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.

6.8
2022-01-14 CVE-2021-23157 WE CON Out-of-bounds Write vulnerability in We-Con Levistudiou

WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.

6.8
2022-01-14 CVE-2021-44701 Adobe Use After Free vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user.

6.8
2022-01-14 CVE-2021-45064 Adobe Use After Free vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user.

6.8
2022-01-14 CVE-2021-45068 Adobe Out-of-bounds Write vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

6.8
2022-01-14 CVE-2022-0130 Tenable Code Injection vulnerability in Tenable Tenable.Sc

Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances.

6.8
2022-01-14 CVE-2022-21137 Omron Out-of-bounds Write vulnerability in Omron Cx-One 4.42/4.50/4.60

Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code.

6.8
2022-01-14 CVE-2022-0213 VIM
Debian
Heap-based Buffer Overflow vulnerability in multiple products

vim is vulnerable to Heap-based Buffer Overflow

6.8
2022-01-13 CVE-2021-34858 Teamviewer Out-of-bounds Read vulnerability in Teamviewer

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer.

6.8
2022-01-13 CVE-2021-34871 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34872 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34873 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34874 Bentley Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34875 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34876 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34877 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34878 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34879 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34880 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34885 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34891 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34892 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34893 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34894 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34895 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34896 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34897 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34898 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34899 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34900 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34903 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34904 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34905 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34906 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34907 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34908 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34909 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34911 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34912 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34913 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34914 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34915 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34917 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34918 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34919 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34920 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34921 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34922 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34923 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34924 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34925 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34926 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34927 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34928 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34929 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34930 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34931 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34932 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34933 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34934 Bentley Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34935 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34936 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34937 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34938 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34939 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34940 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34941 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34942 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34945 Bentley Out-of-bounds Write vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-34946 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

6.8
2022-01-13 CVE-2021-23227 PHP Everywhere Project Cross-Site Request Forgery (CSRF) vulnerability in PHP Everywhere Project PHP Everywhere

Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Everywhere (WordPress plugin) versions (<= 2.0.2).

6.8
2022-01-13 CVE-2021-45053 Adobe Out-of-bounds Write vulnerability in Adobe Incopy 15.1.3/16.0/16.4

Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

6.8
2022-01-13 CVE-2021-45055 Adobe Out-of-bounds Read vulnerability in Adobe Incopy 15.1.3/16.0/16.4

Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

6.8
2022-01-13 CVE-2021-45056 Adobe Out-of-bounds Write vulnerability in Adobe Incopy 15.1.3/16.0/16.4

Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

6.8
2022-01-13 CVE-2021-45057 Adobe Out-of-bounds Write vulnerability in Adobe Indesign

Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

6.8
2022-01-13 CVE-2021-45058 Adobe Out-of-bounds Write vulnerability in Adobe Indesign

Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

6.8
2022-01-13 CVE-2021-40574 Gpac Double Free vulnerability in Gpac 1.0.1

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

6.8
2022-01-13 CVE-2021-40568 Gpac Classic Buffer Overflow vulnerability in Gpac

A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

6.8
2022-01-13 CVE-2021-40570 Gpac Double Free vulnerability in Gpac 1.0.1

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

6.8
2022-01-13 CVE-2021-40571 Gpac Double Free vulnerability in Gpac 1.0.1

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

6.8
2022-01-13 CVE-2022-0196 Phoronix Media
Fedoraproject
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

6.8
2022-01-13 CVE-2022-0197 Phoronix Media
Fedoraproject
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

6.8
2022-01-12 CVE-2021-43860 Flatpak
Fedoraproject
Redhat
Debian
Incorrect Default Permissions vulnerability in multiple products

Flatpak is a Linux application sandboxing and distribution framework.

6.8
2022-01-12 CVE-2021-41597 Salesagility Cross-Site Request Forgery (CSRF) vulnerability in Salesagility Suitecrm

SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.

6.8
2022-01-12 CVE-2021-36417 Gpac Out-of-bounds Write vulnerability in Gpac 1.0.1

A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a denial of service or execute arbitrary code via a crafted file.

6.8
2022-01-12 CVE-2022-21675 Bytecode Viewer Project Path Traversal vulnerability in Bytecode Viewer Project Bytecode Viewer 2.10.16

Bytecode Viewer (BCV) is a Java/Android reverse engineering suite.

6.8
2022-01-12 CVE-2021-44652 Zohocorp Unspecified vulnerability in Zohocorp Manageengine O365 Manager Plus

Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.

6.8
2022-01-12 CVE-2021-44648 Gnome
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.

6.8
2022-01-11 CVE-2022-21840 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Office Remote Code Execution Vulnerability.

6.8
2022-01-11 CVE-2022-21842 Microsoft Code Injection vulnerability in Microsoft Sharepoint Enterprise Server and Word

Microsoft Word Remote Code Execution Vulnerability.

6.8
2022-01-11 CVE-2021-43972 Sysaid Unspecified vulnerability in Sysaid 20.4.74

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body.

6.8
2022-01-10 CVE-2021-36409 Struktur Reachable Assertion vulnerability in Struktur Libde265 1.0.8

There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.

6.8
2022-01-10 CVE-2021-36412 Gpac Out-of-bounds Write vulnerability in Gpac 1.0.1

A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafted file in the MP4Box command,

6.8
2022-01-10 CVE-2021-36414 Gpac Out-of-bounds Write vulnerability in Gpac 1.0.1

A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

6.8
2022-01-10 CVE-2022-22825 Libexpat Project
Tenable
Integer Overflow or Wraparound vulnerability in multiple products

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

6.8
2022-01-10 CVE-2022-22826 Libexpat Project
Tenable
Integer Overflow or Wraparound vulnerability in multiple products

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

6.8
2022-01-10 CVE-2022-22827 Libexpat Project
Tenable
Integer Overflow or Wraparound vulnerability in multiple products

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

6.8
2022-01-10 CVE-2022-22847 Formpipe Unspecified vulnerability in Formpipe Lasernet

Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authenticated attacker, or in a configuration that does not require authentication).

6.8
2022-01-10 CVE-2021-46059 VIM NULL Pointer Dereference vulnerability in VIM 8.2.3883

A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service.

6.8
2022-01-10 CVE-2021-46147 Mediawiki Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.

6.8
2022-01-10 CVE-2021-34086 Ultimaker Cross-Site Request Forgery (CSRF) vulnerability in Ultimaker products

In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF.

6.8
2022-01-10 CVE-2021-34087 Ultimaker Improper Restriction of Rendered UI Layers or Frames vulnerability in Ultimaker products

In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking.

6.8
2022-01-10 CVE-2021-43579 Htmldoc Project
Debian
Out-of-bounds Write vulnerability in multiple products

A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.

6.8
2022-01-10 CVE-2021-44024 Trendmicro Link Following vulnerability in Trendmicro products

A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM.

6.6
2022-01-10 CVE-2021-45442 Trendmicro Link Following vulnerability in Trendmicro products

A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM.

6.6
2022-01-15 CVE-2021-33828 Owncloud Unrestricted Upload of File with Dangerous Type vulnerability in Owncloud Files Antivirus

The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection.

6.5
2022-01-14 CVE-2021-45406 Salonerp Project SQL Injection vulnerability in Salonerp Project Salonerp 3.0.1

In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report.

6.5
2022-01-14 CVE-2021-32649 Octobercms Injection vulnerability in Octobercms October

October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework.

6.5
2022-01-14 CVE-2021-32650 Octobercms Injection vulnerability in Octobercms October 1.0.472/1.1.5

October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework.

6.5
2022-01-13 CVE-2021-34994 Commvault Improper Input Validation vulnerability in Commvault Commcell 11.22.22

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22.

6.5
2022-01-13 CVE-2021-34995 Commvault Unrestricted Upload of File with Dangerous Type vulnerability in Commvault Commcell 11.22.22

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22.

6.5
2022-01-13 CVE-2021-34997 Commvault Unrestricted Upload of File with Dangerous Type vulnerability in Commvault Commcell 11.22.22

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22.

6.5
2022-01-13 CVE-2021-45806 Jpress Command Injection vulnerability in Jpress 4.2.0

jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.

6.5
2022-01-13 CVE-2022-22113 Daybydaycrm Insufficient Session Expiration vulnerability in Daybydaycrm Daybyday

In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration.

6.5
2022-01-12 CVE-2021-42559 Mitre Command Injection vulnerability in Mitre Caldera

An issue was discovered in CALDERA 2.8.1.

6.5
2022-01-12 CVE-2022-20617 Jenkins OS Command Injection vulnerability in Jenkins Docker Commons 1.9

Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository.

6.5
2022-01-12 CVE-2021-42560 Mitre XXE vulnerability in Mitre Caldera 2.9.0

An issue was discovered in CALDERA 2.9.0.

6.5
2022-01-12 CVE-2021-44651 Zohocorp Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Log360 and Manageengine Cloud Security Plus

Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175.

6.5
2022-01-12 CVE-2021-44650 Zohocorp Unspecified vulnerability in Zohocorp Manageengine M365 Manager Plus 4.4

Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.

6.5
2022-01-12 CVE-2021-4080 Craterapp Unrestricted Upload of File with Dangerous Type vulnerability in Craterapp Crater

crater is vulnerable to Unrestricted Upload of File with Dangerous Type

6.5
2022-01-11 CVE-2021-43971 Sysaid SQL Injection vulnerability in Sysaid 20.4.74

A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter.

6.5
2022-01-11 CVE-2021-43973 Sysaid Unrestricted Upload of File with Dangerous Type vulnerability in Sysaid 20.4.74

An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body.

6.5
2022-01-11 CVE-2021-43054 Tibco Unspecified vulnerability in Tibco Eftl

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions.

6.5
2022-01-11 CVE-2021-43055 Tibco Improper Privilege Management vulnerability in Tibco Eftl

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system.

6.5
2022-01-10 CVE-2021-21408 Smarty
Debian
Improper Input Validation vulnerability in multiple products

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic.

6.5
2022-01-10 CVE-2021-29454 Smarty
Debian
Injection vulnerability in multiple products

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic.

6.5
2022-01-10 CVE-2022-21666 Useful Simple Open Source CMS Project SQL Injection vulnerability in Useful Simple Open-Source CMS Project Useful Simple Open-Source CMS

Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers.

6.5
2022-01-10 CVE-2020-28679 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Applications Manager

A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.

6.5
2022-01-10 CVE-2021-24862 Metagauss SQL Injection vulnerability in Metagauss Registrationmagic

The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue

6.5
2022-01-10 CVE-2021-25054 WOW Company SQL Injection vulnerability in Wow-Company Wpcalc 2.1

The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability.

6.5
2022-01-10 CVE-2021-46164 Zohocorp Unspecified vulnerability in Zohocorp Manageengine Desktop Central

Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module.

6.5
2022-01-10 CVE-2021-20046 Sonicwall Out-of-bounds Write vulnerability in Sonicwall Sonicos

A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall.

6.5
2022-01-10 CVE-2021-20048 Sonicwall Out-of-bounds Write vulnerability in Sonicwall Sonicos

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall.

6.5
2022-01-13 CVE-2021-43762 Adobe Improper Input Validation vulnerability in Adobe Experience Manager

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls.

6.4
2022-01-13 CVE-2022-22988 Westerndigital Incorrect Permission Assignment for Critical Resource vulnerability in Westerndigital Edgerover 0.25

File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources.

6.4
2022-01-10 CVE-2022-22815 Python
Debian
Improper Initialization vulnerability in multiple products

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.

6.4
2022-01-10 CVE-2022-22816 Python
Debian
Out-of-bounds Read vulnerability in multiple products

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

6.4
2022-01-10 CVE-2020-9059 Silabs
Schlage
Resource Exhaustion vulnerability in multiple products

Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion.

6.1
2022-01-10 CVE-2020-9060 Silabs
Aeotec
Fibaro
Zooz
Resource Exhaustion vulnerability in multiple products

Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.

6.1
2022-01-13 CVE-2022-21684 Discourse Incorrect Authorization vulnerability in Discourse

Discourse is an open source discussion platform.

6.0
2022-01-11 CVE-2021-43999 Apache Improper Authentication vulnerability in Apache Guacamole 1.2.0/1.3.0

Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider.

6.0
2022-01-11 CVE-2021-37197 Siemens SQL Injection vulnerability in Siemens Comos

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used).

6.0
2022-01-10 CVE-2022-22121 Xgenecloud Improper Neutralization of Formula Elements in a CSV File vulnerability in Xgenecloud Nocodb

In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection).

6.0
2022-01-16 CVE-2022-0235 Node Fetch Project Open Redirect vulnerability in Node-Fetch Project Node-Fetch

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

5.8
2022-01-14 CVE-2021-38678 Qnap Open Redirect vulnerability in Qnap Qcalagent

An open redirect vulnerability has been reported to affect QNAP device running QcalAgent.

5.8
2022-01-13 CVE-2021-34977 Netgear Improper Authentication vulnerability in Netgear R7000 Firmware 1.0.11.11610.2.100

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7000 1.0.11.116_10.2.100 routers.

5.8
2022-01-13 CVE-2022-0198 Stanford XXE vulnerability in Stanford Corenlp

corenlp is vulnerable to Improper Restriction of XML External Entity Reference

5.8
2022-01-12 CVE-2022-20619 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source 737.Vdf9Dc06105Be

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

5.8
2022-01-12 CVE-2022-23115 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Batch Task

Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task.

5.8
2022-01-11 CVE-2022-21954 Microsoft Improper Privilege Management vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.

5.8
2022-01-10 CVE-2021-40000 Huawei Out-of-bounds Write vulnerability in Huawei Harmonyos

The Bluetooth module has an out-of-bounds write vulnerability.

5.8
2022-01-10 CVE-2021-40002 Huawei Out-of-bounds Write vulnerability in Huawei Harmonyos

The Bluetooth module has an out-of-bounds write vulnerability.

5.8
2022-01-10 CVE-2021-44528 Rubyonrails Open Redirect vulnerability in Rubyonrails Rails 6.0.4.2/6.1.4.2/7.0.0

A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

5.8
2022-01-14 CVE-2022-22531 SAP Unspecified vulnerability in SAP S/4Hana

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files.

5.5
2022-01-14 CVE-2021-46255 Eyoucms Unspecified vulnerability in Eyoucms 1.5.5Utf8Sp31

eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename.

5.5
2022-01-13 CVE-2022-0178 Snipeitapp Improper Access Control vulnerability in Snipeitapp Snipe-It

snipe-it is vulnerable to Improper Access Control

5.5
2022-01-12 CVE-2022-23107 Jenkins Path Traversal vulnerability in Jenkins Warnings Next Generation

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system.

5.5
2022-01-12 CVE-2021-42562 Mitre Incorrect Permission Assignment for Critical Resource vulnerability in Mitre Caldera

An issue was discovered in CALDERA 2.8.1.

5.5
2022-01-11 CVE-2022-21646 Authzed Improper Input Validation vulnerability in Authzed Spicedb 1.3.0

SpiceDB is a database system for managing security-critical application permissions.

5.5
2022-01-11 CVE-2021-45460 Siemens Unquoted Search Path or Element vulnerability in Siemens Sicam PQ Analyzer Firmware 3.11

A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18).

5.5
2022-01-11 CVE-2022-21924 Microsoft Unspecified vulnerability in Microsoft products

Workstation Service Remote Protocol Security Feature Bypass Vulnerability.

5.4
2022-01-11 CVE-2022-21925 Microsoft Unspecified vulnerability in Microsoft Windows 7 and Windows Server 2008

Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability.

5.4
2022-01-13 CVE-2022-23131 Zabbix Authentication Bypass by Spoofing vulnerability in Zabbix

In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified.

5.1
2022-01-11 CVE-2021-37198 Siemens Cross-Site Request Forgery (CSRF) vulnerability in Siemens Comos

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used).

5.1
2022-01-10 CVE-2021-25051 WOW Company Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window

The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.

5.1
2022-01-10 CVE-2021-25052 WOW Company Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator

The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.

5.1
2022-01-10 CVE-2021-25053 WOW Company Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder

The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.

5.1
2022-01-10 CVE-2021-44458 Mirantis Improper Authentication vulnerability in Mirantis Lens

Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website.

5.1
2022-01-15 CVE-2021-32545 Pexip Improper Input Validation vulnerability in Pexip Infinity

Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation.

5.0
2022-01-15 CVE-2021-33498 Pexip Improper Input Validation vulnerability in Pexip Infinity

Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2).

5.0
2022-01-15 CVE-2021-33499 Pexip Improper Input Validation vulnerability in Pexip Infinity

Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2).

5.0
2022-01-15 CVE-2021-35969 Pexip Improper Input Validation vulnerability in Pexip Infinity

Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.

5.0
2022-01-15 CVE-2021-42555 Pexip Improper Input Validation vulnerability in Pexip Infinity

Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.

5.0
2022-01-15 CVE-2022-23094 Libreswan
Fedoraproject
Debian
NULL Pointer Dereference vulnerability in multiple products

Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists.

5.0
2022-01-14 CVE-2021-46170 Jerryscript Use After Free vulnerability in Jerryscript 2.3.0

An issue was discovered in JerryScript commit a6ab5e9.

5.0
2022-01-14 CVE-2021-1037 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android

The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it.

5.0
2022-01-14 CVE-2021-23567 Colors JS Project Infinite Loop vulnerability in Colors.Js Project Colors.Js 1.4.1/1.4.44Liberty2

The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module.

5.0
2022-01-14 CVE-2021-36199 Johnsoncontrols Unspecified vulnerability in Johnsoncontrols Videoedge 5.4.1/5.7.1

Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop.

5.0
2022-01-14 CVE-2021-3965 HP Authorization Bypass Through User-Controlled Key vulnerability in HP products

Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews.

5.0
2022-01-14 CVE-2021-45769 MZ Automation NULL Pointer Dereference vulnerability in Mz-Automation Libiec61850 1.5.0

A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash.

5.0
2022-01-14 CVE-2021-45773 MZ Automation NULL Pointer Dereference vulnerability in Mz-Automation Lib60870

A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash.

5.0
2022-01-14 CVE-2021-46020 Mruby Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mruby 3.0.0

An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault or application crash.

5.0
2022-01-14 CVE-2021-45761 Ropium Project NULL Pointer Dereference vulnerability in Ropium Project Ropium 3.1

ROPium v3.1 was discovered to contain an invalid memory address dereference via the find() function.

5.0
2022-01-14 CVE-2021-24046 RAY BAN Forced Browsing vulnerability in Ray-Ban products

A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application.

5.0
2022-01-14 CVE-2022-21677 Discourse Information Exposure vulnerability in Discourse

Discourse is an open source discussion platform.

5.0
2022-01-14 CVE-2022-21680 Marked Project Unspecified vulnerability in Marked Project Marked

Marked is a markdown parser and compiler.

5.0
2022-01-14 CVE-2022-21681 Marked Project Unspecified vulnerability in Marked Project Marked

Marked is a markdown parser and compiler.

5.0
2022-01-14 CVE-2022-20698 Clamav
Debian
Canonical
Improper Input Validation vulnerability in multiple products

A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.

5.0
2022-01-13 CVE-2022-23134 Zabbix
Fedoraproject
Debian
Incorrect Authorization vulnerability in multiple products

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well.

5.0
2022-01-13 CVE-2021-23514 Crowcpp Path Traversal vulnerability in Crowcpp Crow

This affects the package Crow before 0.3+4.

5.0
2022-01-13 CVE-2021-30287 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Possible assertion due to improper validation of symbols configured for PDCCH monitoring in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

5.0
2022-01-13 CVE-2021-30300 Qualcomm Incorrect Type Conversion or Cast vulnerability in Qualcomm products

Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when processing the SRS configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables

5.0
2022-01-13 CVE-2021-30301 Qualcomm Resource Exhaustion vulnerability in Qualcomm products

Possible denial of service due to out of memory while processing RRC and NAS OTA message in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile

5.0
2022-01-13 CVE-2021-30307 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Possible denial of service due to improper validation of DNS response when DNS client requests with PTR, NAPTR or SRV query type in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT

5.0
2022-01-13 CVE-2021-30330 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

Possible null pointer dereference due to improper validation of APE clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables

5.0
2022-01-13 CVE-2021-30353 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables

5.0
2022-01-12 CVE-2022-23106 Jenkins Information Exposure Through Discrepancy vulnerability in Jenkins Configuration AS Code

Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.

5.0
2022-01-12 CVE-2022-23116 Jenkins Missing Encryption of Sensitive Data vulnerability in Jenkins Conjur Secrets

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.

5.0
2022-01-12 CVE-2022-23117 Jenkins Improper Privilege Management vulnerability in Jenkins Conjur Secrets

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller.

5.0
2022-01-12 CVE-2022-21676 Socket Improper Check for Unusual or Exceptional Conditions vulnerability in Socket Engine.Io

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO.

5.0
2022-01-12 CVE-2021-28377 Chronoengine Path Traversal vulnerability in Chronoengine Chronoforums 2.0.11

ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.

5.0
2022-01-12 CVE-2021-45445 Unisys Infinite Loop vulnerability in Unisys Clearpath MCP Tcp/Ip Networking Services 59.1/60.0/62.0

Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop.

5.0
2022-01-12 CVE-2021-3852 Weseek Authorization Bypass Through User-Controlled Key vulnerability in Weseek Growi

growi is vulnerable to Authorization Bypass Through User-Controlled Key

5.0
2022-01-11 CVE-2022-21904 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft products

Windows GDI Information Disclosure Vulnerability.

5.0
2022-01-11 CVE-2022-21911 Microsoft Unspecified vulnerability in Microsoft .Net Framework

.NET Framework Denial of Service Vulnerability.

5.0
2022-01-11 CVE-2022-21913 Microsoft Incorrect Authorization vulnerability in Microsoft products

Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass.

5.0
2022-01-11 CVE-2021-43974 Sysaid Incorrect Authorization vulnerability in Sysaid Itil 20.4.74

An issue was discovered in SysAid ITIL 20.4.74 b10.

5.0
2022-01-11 CVE-2021-43052 Tibco Use of Hard-coded Credentials vulnerability in Tibco FTL

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system.

5.0
2022-01-11 CVE-2021-43053 Tibco Unspecified vulnerability in Tibco FTL

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server.

5.0
2022-01-11 CVE-2022-21669 Puddingbot Project Use of Hard-coded Credentials vulnerability in Puddingbot Project Puddingbot

PuddingBot is a group management bot.

5.0
2022-01-11 CVE-2021-41769 Siemens Improper Input Validation vulnerability in Siemens products

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83).

5.0
2022-01-10 CVE-2022-21670 Markdown IT Project Resource Exhaustion vulnerability in Markdown-It Project Markdown-It

markdown-it is a Markdown parser.

5.0
2022-01-10 CVE-2021-24948 Posimyth Information Exposure vulnerability in Posimyth the Plus Addons for Elementor

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts

5.0
2022-01-10 CVE-2022-22120 Xgenecloud Information Exposure Through Discrepancy vulnerability in Xgenecloud Nocodb

In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature.

5.0
2022-01-10 CVE-2021-44586 DST Admin Project Incorrect Authorization vulnerability in Dst-Admin Project Dst-Admin 1.3.0

An issue was discovered in dst-admin v1.3.0.

5.0
2022-01-10 CVE-2022-0132 Framasoft Server-Side Request Forgery (SSRF) vulnerability in Framasoft Peertube

peertube is vulnerable to Server-Side Request Forgery (SSRF)

5.0
2022-01-10 CVE-2022-0133 Framasoft Improper Access Control vulnerability in Framasoft Peertube

peertube is vulnerable to Improper Access Control

5.0
2022-01-10 CVE-2022-21667 Soketi Project Improper Handling of Exceptional Conditions vulnerability in Soketi Project Soketi

soketi is an open-source WebSockets server.

5.0
2022-01-10 CVE-2022-22288 Samsung Incorrect Authorization vulnerability in Samsung Galaxy Store 4.5.32.4

Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.

5.0
2022-01-10 CVE-2022-22289 Samsung Improper Authentication vulnerability in Samsung S Assistant

Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information.

5.0
2022-01-10 CVE-2022-22846 Dnslib Project Unspecified vulnerability in Dnslib Project Dnslib

The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query.

5.0
2022-01-10 CVE-2021-45856 Accu Time Classic Buffer Overflow vulnerability in Accu-Time Maximus Firmware 1.0

Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buffer overflow which causes the telnet service to crash

5.0
2022-01-10 CVE-2021-46058 GNU Out-of-bounds Write vulnerability in GNU Inetutils 2.2

AHheap-based Buffer Overflow vulnerabiity exists in GNU inetutils 2.2 in cmds.c, which caused a denial of service.

5.0
2022-01-10 CVE-2021-46060 GNU NULL Pointer Dereference vulnerability in GNU Inetutils 2.2

A NULL Pointer Dereference vulnerability exists in GNU inetutils 2.2 via the setcmd function at commands.c, which causes a denial of service.

5.0
2022-01-10 CVE-2021-46149 Mediawiki Resource Exhaustion vulnerability in Mediawiki

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.

5.0
2022-01-10 CVE-2020-29050 Sphinxsearch
Debian
Path Traversal vulnerability in multiple products

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory).

5.0
2022-01-10 CVE-2021-35247 Solarwinds Improper Input Validation vulnerability in Solarwinds Serv-U

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized.

5.0
2022-01-10 CVE-2021-38921 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Access 10.0.0/10.0.1.0/10.0.2.0

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

5.0
2022-01-10 CVE-2021-38956 IBM Information Exposure vulnerability in IBM Security Verify Access 10.0.0/10.0.1.0/10.0.2.0

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system.

5.0
2022-01-10 CVE-2021-38957 IBM Improper Input Validation vulnerability in IBM Security Verify Access 10.0.0/10.0.1.0/10.0.2.0

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation.

5.0
2022-01-10 CVE-2021-40001 Huawei Path Traversal vulnerability in Huawei Harmonyos

The CaasKit module has a path traversal vulnerability.

5.0
2022-01-10 CVE-2021-40003 Huawei Path Traversal vulnerability in Huawei Harmonyos

HwPCAssistant has a path traversal vulnerability.

5.0
2022-01-10 CVE-2021-40004 Huawei Incorrect Default Permissions vulnerability in Huawei Harmonyos

The cellular module has a vulnerability in permission management.

5.0
2022-01-10 CVE-2021-40005 Huawei Exposure of Resource to Wrong Sphere vulnerability in Huawei Harmonyos

The distributed data service component has a vulnerability in data access control.

5.0
2022-01-10 CVE-2021-40009 Huawei Out-of-bounds Write vulnerability in Huawei Emui, Harmonyos and Magic UI

There is an Out-of-bounds write vulnerability in the AOD module in smartphones.

5.0
2022-01-10 CVE-2021-40011 Huawei Resource Exhaustion vulnerability in Huawei Emui, Harmonyos and Magic UI

There is an uncontrolled resource consumption vulnerability in the display module.

5.0
2022-01-10 CVE-2021-40014 Huawei Out-of-bounds Write vulnerability in Huawei Harmonyos

The bone voice ID trusted application (TA) has a heap overflow vulnerability.

5.0
2022-01-10 CVE-2021-40018 Huawei NULL Pointer Dereference vulnerability in Huawei Harmonyos

The eID module has a null pointer reference vulnerability.

5.0
2022-01-10 CVE-2021-40020 Huawei Out-of-bounds Read vulnerability in Huawei Emui and Magic UI

There is an Out-of-bounds array read vulnerability in the security storage module in smartphones.

5.0
2022-01-10 CVE-2021-40021 Huawei Out-of-bounds Write vulnerability in Huawei Harmonyos

The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data confidentiality.

5.0
2022-01-10 CVE-2021-40022 Huawei Unspecified vulnerability in Huawei Harmonyos

The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality.

5.0
2022-01-10 CVE-2021-40025 Huawei Improper Initialization vulnerability in Huawei Harmonyos

The eID module has a vulnerability that causes the memory to be used without being initialized,Successful exploitation of this vulnerability may affect data confidentiality.

5.0
2022-01-10 CVE-2021-40026 Huawei Out-of-bounds Write vulnerability in Huawei Emui, Harmonyos and Magic UI

There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones.

5.0
2022-01-10 CVE-2021-40027 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Harmonyos

The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality.

5.0
2022-01-10 CVE-2021-40028 Huawei Out-of-bounds Write vulnerability in Huawei Harmonyos

The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data integrity.

5.0
2022-01-10 CVE-2021-40029 Huawei Classic Buffer Overflow vulnerability in Huawei Emui, Harmonyos and Magic UI

There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones.

5.0
2022-01-10 CVE-2021-40031 Huawei NULL Pointer Dereference vulnerability in Huawei Emui and Magic UI

There is a Null pointer dereference vulnerability in the camera module in smartphones.

5.0
2022-01-10 CVE-2021-40032 Huawei Unspecified vulnerability in Huawei Harmonyos

The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality.

5.0
2022-01-10 CVE-2021-40035 Huawei Classic Buffer Overflow vulnerability in Huawei Emui, Harmonyos and Magic UI

There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones.

5.0
2022-01-10 CVE-2021-40038 Huawei Double Free vulnerability in Huawei Emui, Harmonyos and Magic UI

There is a Double free vulnerability in the AOD module in smartphones.

5.0
2022-01-10 CVE-2021-40039 Huawei NULL Pointer Dereference vulnerability in Huawei Emui, Harmonyos and Magic UI

There is a Null pointer dereference vulnerability in the camera module in smartphones.

5.0
2022-01-10 CVE-2021-42748 Fastlinemedia Exposure of Resource to Wrong Sphere vulnerability in Fastlinemedia Beaver Builder

In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API.

5.0
2022-01-10 CVE-2021-42749 Fastlinemedia Exposure of Resource to Wrong Sphere vulnerability in Fastlinemedia Beaver Themer

In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives.

5.0
2022-01-14 CVE-2021-28507 Arista Incorrect Authorization vulnerability in Arista EOS

An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.

4.9
2022-01-12 CVE-2022-0179 Snipeitapp Incorrect Default Permissions vulnerability in Snipeitapp Snipe-It

snipe-it is vulnerable to Improper Access Control

4.9
2022-01-11 CVE-2021-46283 Linux Improper Initialization vulnerability in Linux Kernel

nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc.

4.9
2022-01-11 CVE-2022-21847 Microsoft Resource Exhaustion vulnerability in Microsoft products

Windows Hyper-V Denial of Service Vulnerability.

4.9
2022-01-11 CVE-2022-21876 Microsoft Out-of-bounds Read vulnerability in Microsoft products

Win32k Information Disclosure Vulnerability.

4.9
2022-01-11 CVE-2022-21877 Microsoft Out-of-bounds Read vulnerability in Microsoft products

Storage Spaces Controller Information Disclosure Vulnerability.

4.9
2022-01-11 CVE-2022-21894 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability.

4.9
2022-01-11 CVE-2022-21899 Microsoft Incorrect Authorization vulnerability in Microsoft products

Windows Extensible Firmware Interface Security Feature Bypass Vulnerability.

4.9
2022-01-11 CVE-2022-21905 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Security Feature Bypass Vulnerability.

4.9
2022-01-11 CVE-2022-21918 Microsoft Resource Exhaustion vulnerability in Microsoft products

DirectX Graphics Kernel File Denial of Service Vulnerability.

4.9
2022-01-11 CVE-2022-21921 Microsoft Unspecified vulnerability in Microsoft Windows 10, Windows 11 and Windows Server

Windows Defender Credential Guard Security Feature Bypass Vulnerability.

4.9
2022-01-11 CVE-2022-21964 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft Windows 10 1607

Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability.

4.9
2022-01-10 CVE-2021-40037 Huawei Type Confusion vulnerability in Huawei Emui, Harmonyos and Magic UI

There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones.

4.9
2022-01-10 CVE-2020-9058 Silabs
Dome
Jasco
Linear
Missing Encryption of Sensitive Data vulnerability in multiple products

Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.

4.8
2022-01-14 CVE-2021-39659 Google Improper Handling of Exceptional Conditions vulnerability in Google Android 10.0/11.0/12.0

In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception.

4.7
2022-01-14 CVE-2021-39681 Google Use After Free vulnerability in Google Android

In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free.

4.6
2022-01-13 CVE-2021-30285 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

4.6
2022-01-12 CVE-2022-0015 Paloaltonetworks Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent

A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges.

4.6
2022-01-11 CVE-2022-21910 Microsoft Improper Privilege Management vulnerability in Microsoft products

Microsoft Cluster Port Driver Elevation of Privilege Vulnerability.

4.6
2022-01-11 CVE-2021-38991 IBM Command Injection vulnerability in IBM AIX and Vios

IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution.

4.6
2022-01-10 CVE-2022-22265 Google Improper Handling of Exceptional Conditions vulnerability in Google Android

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

4.6
2022-01-10 CVE-2021-46165 Zohocorp Unspecified vulnerability in Zohocorp Manageengine Desktop Central

Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined.

4.6
2022-01-10 CVE-2021-38990 IBM Unspecified vulnerability in IBM AIX and Vios

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution.

4.6
2022-01-13 CVE-2021-30313 Qualcomm Use After Free vulnerability in Qualcomm products

Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

4.4
2022-01-11 CVE-2022-21860 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows AppContracts API Server Elevation of Privilege Vulnerability.

4.4
2022-01-11 CVE-2022-21864 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows UI Immersive Server API Elevation of Privilege Vulnerability.

4.4
2022-01-11 CVE-2022-21865 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10, Windows Server and Windows Server 2016

Connected Devices Platform Service Elevation of Privilege Vulnerability.

4.4
2022-01-11 CVE-2022-21866 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows System Launcher Elevation of Privilege Vulnerability.

4.4
2022-01-16 CVE-2022-0238 Phoronix Media
Fedoraproject
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

4.3
2022-01-14 CVE-2021-46168 Spinroot Out-of-bounds Write vulnerability in Spinroot Spin 6.5.1

Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c.

4.3
2022-01-14 CVE-2021-46169 Modex Project Use After Free vulnerability in Modex Project Modex 2.11

Modex v2.11 was discovered to contain an Use-After-Free vulnerability via the component tcache.

4.3
2022-01-14 CVE-2021-46171 Modex Project NULL Pointer Dereference vulnerability in Modex Project Modex 2.11

Modex v2.11 was discovered to contain a NULL pointer dereference in set_create_id() at xtract.c.

4.3
2022-01-14 CVE-2021-38126 Microfocus Cross-site Scripting vulnerability in Microfocus Arcsight Enterprise Security Manager 7.4/7.5

Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x.

4.3
2022-01-14 CVE-2021-38127 Microfocus Cross-site Scripting vulnerability in Microfocus Arcsight Enterprise Security Manager 7.4/7.5

Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x.

4.3
2022-01-14 CVE-2021-43752 Adobe Out-of-bounds Read vulnerability in Adobe Illustrator

Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

4.3
2022-01-14 CVE-2021-44700 Adobe Out-of-bounds Read vulnerability in Adobe Illustrator

Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

4.3
2022-01-14 CVE-2021-44702 Adobe Information Exposure vulnerability in Adobe products

Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability.

4.3
2022-01-14 CVE-2021-44712 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service.

4.3
2022-01-14 CVE-2021-44713 Adobe Use After Free vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in application denial of service.

4.3
2022-01-14 CVE-2021-44714 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass.

4.3
2022-01-14 CVE-2021-44715 Adobe Out-of-bounds Read vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

4.3
2022-01-14 CVE-2021-44739 Adobe Information Exposure vulnerability in Adobe products

Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability.

4.3
2022-01-14 CVE-2021-44740 Adobe NULL Pointer Dereference vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Null pointer dereference vulnerability when parsing a specially crafted file.

4.3
2022-01-14 CVE-2021-44741 Adobe NULL Pointer Dereference vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Null pointer dereference vulnerability when parsing a specially crafted file.

4.3
2022-01-14 CVE-2021-44742 Adobe Out-of-bounds Read vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

4.3
2022-01-14 CVE-2021-45051 Adobe Use After Free vulnerability in Adobe Bridge

Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an use-after-free vulnerability in the processing of Format event actions that could lead to disclosure of sensitive memory.

4.3
2022-01-14 CVE-2021-45052 Adobe Out-of-bounds Read vulnerability in Adobe Bridge

Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

4.3
2022-01-14 CVE-2021-45063 Adobe Use After Free vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could lead to disclosure of sensitive memory.

4.3
2022-01-14 CVE-2021-45067 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory.

4.3
2022-01-14 CVE-2021-45764 Gpac Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gpac 1.1.0

GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shift_chunk_offsets.isra().

4.3
2022-01-14 CVE-2021-45767 Gpac Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gpac 1.1.0

GPAC 1.1.0 was discovered to contain an invalid memory address dereference via the function lsr_read_id().

4.3
2022-01-14 CVE-2021-46019 GNU NULL Pointer Dereference vulnerability in GNU Recutils 1.8.90

An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

4.3
2022-01-14 CVE-2021-46021 GNU Use After Free vulnerability in GNU Recutils 1.8.90

An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

4.3
2022-01-14 CVE-2021-46022 GNU Use After Free vulnerability in GNU Recutils 1.8.90

An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

4.3
2022-01-14 CVE-2021-46195 GNU Uncontrolled Recursion vulnerability in GNU GCC 12.0

GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c.

4.3
2022-01-14 CVE-2022-22290 Samsung Improper Handling of Exceptional Conditions vulnerability in Samsung Internet

Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page.

4.3
2022-01-14 CVE-2022-22529 SAP Cross-site Scripting vulnerability in SAP Enterprise Threat Detection 2.0

SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability.

4.3
2022-01-14 CVE-2021-45762 Gpac Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gpac 1.1.0

GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_sg_vrml_mf_reset().

4.3
2022-01-14 CVE-2021-45763 Gpac Improper Input Validation vulnerability in Gpac 1.1.0

GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed().

4.3
2022-01-14 CVE-2022-0226 Livehelperchat Cross-Site Request Forgery (CSRF) vulnerability in Livehelperchat Live Helper Chat

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

4.3
2022-01-14 CVE-2022-0231 Livehelperchat Cross-Site Request Forgery (CSRF) vulnerability in Livehelperchat Live Helper Chat

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

4.3
2022-01-14 CVE-2021-42551 Alcoda Cross-site Scripting vulnerability in Alcoda Netbiblio

Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack.

4.3
2022-01-14 CVE-2022-20635 Cisco Cross-site Scripting vulnerability in Cisco Security Manager

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

4.3
2022-01-14 CVE-2022-20636 Cisco Cross-site Scripting vulnerability in Cisco Security Manager

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

4.3
2022-01-14 CVE-2022-20637 Cisco Cross-site Scripting vulnerability in Cisco Security Manager

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

4.3
2022-01-14 CVE-2022-20638 Cisco Cross-site Scripting vulnerability in Cisco Security Manager

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

4.3
2022-01-14 CVE-2022-20639 Cisco Cross-site Scripting vulnerability in Cisco Security Manager

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

4.3
2022-01-14 CVE-2022-20640 Cisco Cross-site Scripting vulnerability in Cisco Security Manager

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

4.3
2022-01-14 CVE-2022-20641 Cisco Cross-site Scripting vulnerability in Cisco Security Manager

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

4.3
2022-01-14 CVE-2022-20642 Cisco Cross-site Scripting vulnerability in Cisco Security Manager

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

4.3
2022-01-14 CVE-2022-20643 Cisco Cross-site Scripting vulnerability in Cisco Security Manager

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

4.3
2022-01-14 CVE-2022-20644 Cisco Cross-site Scripting vulnerability in Cisco Security Manager

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

4.3
2022-01-14 CVE-2022-20645 Cisco Cross-site Scripting vulnerability in Cisco Security Manager

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

4.3
2022-01-14 CVE-2022-20646 Cisco Cross-site Scripting vulnerability in Cisco Security Manager

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

4.3
2022-01-14 CVE-2022-20647 Cisco Cross-site Scripting vulnerability in Cisco Security Manager

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

4.3
2022-01-14 CVE-2021-38677 Qnap Cross-site Scripting vulnerability in Qnap Qcalagent

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QcalAgent.

4.3
2022-01-14 CVE-2021-45760 Gpac Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gpac 1.1.0

GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_list_last().

4.3
2022-01-13 CVE-2021-34881 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

4.3
2022-01-13 CVE-2021-34882 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

4.3
2022-01-13 CVE-2021-34883 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

4.3
2022-01-13 CVE-2021-34884 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

4.3
2022-01-13 CVE-2021-34886 Bentley Use After Free vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

4.3
2022-01-13 CVE-2021-34887 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

4.3
2022-01-13 CVE-2021-34888 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

4.3
2022-01-13 CVE-2021-34889 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

4.3
2022-01-13 CVE-2021-34890 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

4.3
2022-01-13 CVE-2021-34901 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

4.3
2022-01-13 CVE-2021-34902 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

4.3
2022-01-13 CVE-2021-34910 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

4.3
2022-01-13 CVE-2021-34916 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

4.3
2022-01-13 CVE-2021-34943 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

4.3
2022-01-13 CVE-2021-34944 Bentley Out-of-bounds Read vulnerability in Bentley View and Microstation

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

4.3
2022-01-13 CVE-2021-34984 Bentley Out-of-bounds Read vulnerability in Bentley Contextcapture Viewer 10.18.00.236

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture 10.18.0.232.

4.3
2022-01-13 CVE-2021-34985 Bentley Out-of-bounds Read vulnerability in Bentley Contextcapture Viewer 10.18.00.236

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture 10.18.0.232.

4.3
2022-01-13 CVE-2021-43765 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

4.3
2022-01-13 CVE-2021-44176 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

4.3
2022-01-13 CVE-2021-44177 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

4.3
2022-01-13 CVE-2021-44178 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter.

4.3
2022-01-13 CVE-2021-45054 Adobe Use After Free vulnerability in Adobe Incopy 15.1.3/16.0/16.4

Adobe InCopy version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory.

4.3
2022-01-13 CVE-2021-45059 Adobe Use After Free vulnerability in Adobe Indesign

Adobe InDesign version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory.

4.3
2022-01-13 CVE-2021-40572 Gpac Double Free vulnerability in Gpac 1.0.1

The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.

4.3
2022-01-13 CVE-2021-40573 Gpac Double Free vulnerability in Gpac 1.0.1

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service.

4.3
2022-01-13 CVE-2021-40575 Gpac NULL Pointer Dereference vulnerability in Gpac 1.0.1

The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service.

4.3
2022-01-13 CVE-2021-40576 Gpac NULL Pointer Dereference vulnerability in Gpac 1.0.1

The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt_count function in hint_track.c, which allows attackers to cause a denial of service.

4.3
2022-01-13 CVE-2021-45422 Reprisesoftware Cross-site Scripting vulnerability in Reprisesoftware Reprise License Manager 14.2

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET.

4.3
2022-01-13 CVE-2021-40567 Gpac Unspecified vulnerability in Gpac

Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service.

4.3
2022-01-13 CVE-2021-40569 Gpac Double Free vulnerability in Gpac

The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which allows attackers to cause a denial of service.

4.3
2022-01-13 CVE-2021-23824 Crowcpp Cross-site Scripting vulnerability in Crowcpp Crow

This affects the package Crow before 0.3+4.

4.3
2022-01-12 CVE-2021-40562 Gpac Incorrect Comparison vulnerability in Gpac

A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box via the naludmx_enqueue_or_dispatch function in reframe_nalu.c, which causes a denial of service.

4.3
2022-01-12 CVE-2021-40563 Gpac NULL Pointer Dereference vulnerability in Gpac

A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service.

4.3
2022-01-12 CVE-2021-40564 Gpac NULL Pointer Dereference vulnerability in Gpac

A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service.

4.3
2022-01-12 CVE-2021-40565 Gpac NULL Pointer Dereference vulnerability in Gpac

A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu function in av_parsers.c when using mp4box, which causes a denial of service.

4.3
2022-01-12 CVE-2021-40566 Gpac Use After Free vulnerability in Gpac

A Segmentation fault casued by heap use after free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service.

4.3
2022-01-12 CVE-2021-37529 Fig2Dev Project
Debian
Double Free vulnerability in multiple products

A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).

4.3
2022-01-12 CVE-2021-37530 Fig2Dev Project
Debian
Out-of-bounds Write vulnerability in multiple products

A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.

4.3
2022-01-12 CVE-2021-40559 Gpac NULL Pointer Dereference vulnerability in Gpac

A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denail of service.

4.3
2022-01-12 CVE-2021-42558 Mitre Cross-site Scripting vulnerability in Mitre Caldera

An issue was discovered in CALDERA 2.8.1.

4.3
2022-01-12 CVE-2021-46225 Libmeshb Project Classic Buffer Overflow vulnerability in Libmeshb Project Libmeshb 7.61

A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allows attackers to cause a Denial of Service (DoS) via a crafted MESH file.

4.3
2022-01-12 CVE-2022-20613 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mailer

A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

4.3
2022-01-12 CVE-2022-23111 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Publish Over SSH

A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.

4.3
2022-01-12 CVE-2022-0087 Keystonejs Cross-site Scripting vulnerability in Keystonejs Keystone

keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3
2022-01-11 CVE-2022-21843 Microsoft Resource Exhaustion vulnerability in Microsoft products

Windows IKE Extension Denial of Service Vulnerability.

4.3
2022-01-11 CVE-2022-21889 Microsoft Unspecified vulnerability in Microsoft products

Windows IKE Extension Denial of Service Vulnerability.

4.3
2022-01-11 CVE-2022-21890 Microsoft Unspecified vulnerability in Microsoft products

Windows IKE Extension Denial of Service Vulnerability.

4.3
2022-01-11 CVE-2022-21891 Microsoft Unspecified vulnerability in Microsoft Dynamics 365 Sales

Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability.

4.3
2022-01-11 CVE-2022-0173 Radare
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

radare2 is vulnerable to Out-of-bounds Read

4.3
2022-01-11 CVE-2021-45034 Siemens Information Exposure Through Log Files vulnerability in Siemens products

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20).

4.3
2022-01-10 CVE-2021-36408 Struktur Use After Free vulnerability in Struktur Libde265 1.0.8

An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.

4.3
2022-01-10 CVE-2021-36410 Struktur Out-of-bounds Write vulnerability in Struktur Libde265 1.0.8

A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.

4.3
2022-01-10 CVE-2021-36411 Struktur Unspecified vulnerability in Struktur Libde265 1.0.8

An issue has been found in libde265 v1.0.8 due to incorrect access control.

4.3
2022-01-10 CVE-2020-25427 Gpac NULL Pointer Dereference vulnerability in Gpac 0.8.0

A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service.

4.3
2022-01-10 CVE-2021-35452 Struktur Unspecified vulnerability in Struktur Libde265 1.0.8

An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.

4.3
2022-01-10 CVE-2022-21672 Linuxfromscratch Unspecified vulnerability in Linuxfromscratch Make-Ca

make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers.

4.3
2022-01-10 CVE-2022-0155 Follow Redirects Project Privacy Violation vulnerability in Follow-Redirects Project Follow-Redirects

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

4.3
2022-01-10 CVE-2021-23218 Mirantis Memory Leak vulnerability in Mirantis Container Runtime 20.10.8

When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service.

4.3
2022-01-10 CVE-2021-25043 Pluginus Cross-site Scripting vulnerability in Pluginus Woocommerce Currency Switcher

The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue

4.3
2022-01-10 CVE-2021-25047 10Web Cross-site Scripting vulnerability in 10Web 10Websocial

The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting (XSS) vulnerability in the wdi_apply_changes admin page, allowing an attacker to perform such attack against any logged in users

4.3
2022-01-10 CVE-2022-0156 VIM
Fedoraproject
Apple
Use After Free vulnerability in multiple products

vim is vulnerable to Use After Free

4.3
2022-01-10 CVE-2022-0158 VIM
Fedoraproject
Apple
Heap-based Buffer Overflow vulnerability in multiple products

vim is vulnerable to Heap-based Buffer Overflow

4.3
2022-01-10 CVE-2022-22114 Sismics Cross-site Scripting vulnerability in Sismics Teedy

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS).

4.3
2022-01-10 CVE-2022-22270 Google Files or Directories Accessible to External Parties vulnerability in Google Android 10.0/11.0/9.0

An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.

4.3
2022-01-10 CVE-2022-22844 Libtiff
Debian
Netapp
Out-of-bounds Read vulnerability in multiple products

LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.

4.3
2022-01-10 CVE-2021-46045 Gpac Unspecified vulnerability in Gpac 1.0.1

GPAC 1.0.1 is affected by: Abort failed.

4.3
2022-01-10 CVE-2021-46046 Gpac NULL Pointer Dereference vulnerability in Gpac 1.0.1

A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_size function, which could cause a Denial of Service (context-dependent).

4.3
2022-01-10 CVE-2021-46047 Gpac NULL Pointer Dereference vulnerability in Gpac 1.0.1

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function.

4.3
2022-01-10 CVE-2021-46048 Webassembly Reachable Assertion vulnerability in Webassembly Binaryen 104

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions.

4.3
2022-01-10 CVE-2021-46049 Gpac NULL Pointer Dereference vulnerability in Gpac 1.0.1

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which could cause a Denial of Service.

4.3
2022-01-10 CVE-2021-46050 Webassembly Out-of-bounds Write vulnerability in Webassembly Binaryen 103

A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function.

4.3
2022-01-10 CVE-2021-46051 Gpac NULL Pointer Dereference vulnerability in Gpac 1.0.1

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Service.

4.3
2022-01-10 CVE-2021-46052 Webassembly Reachable Assertion vulnerability in Webassembly Binaryen 104

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate.

4.3
2022-01-10 CVE-2021-46053 Webassembly Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Webassembly Binaryen 103

A Denial of Service vulnerability exists in Binaryen 103.

4.3
2022-01-10 CVE-2021-46054 Webassembly Reachable Assertion vulnerability in Webassembly Binaryen 104

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).

4.3
2022-01-10 CVE-2021-46055 Webassembly Reachable Assertion vulnerability in Webassembly Binaryen 104

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).

4.3
2022-01-10 CVE-2021-46163 Kentico Cross-site Scripting vulnerability in Kentico CMS 13.0.44

Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem.

4.3
2022-01-10 CVE-2021-22569 Google
Oracle
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order.
4.3
2022-01-14 CVE-2021-42067 SAP Exposure of Resource to Wrong Sphere vulnerability in SAP products

In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see.

4.0
2022-01-14 CVE-2022-21685 Parity Integer Underflow (Wrap or Wraparound) vulnerability in Parity Frontier 20210903

Frontier is Substrate's Ethereum compatibility layer.

4.0
2022-01-13 CVE-2022-21682 Flatpak
Fedoraproject
Redhat
Debian
Path Traversal vulnerability in multiple products

Flatpak is a Linux application sandboxing and distribution framework.

4.0
2022-01-13 CVE-2021-39056 IBM Unspecified vulnerability in IBM I

The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service.

4.0
2022-01-13 CVE-2022-21678 Discourse Information Exposure vulnerability in Discourse

Discourse is an open source discussion platform.

4.0
2022-01-12 CVE-2022-20614 Jenkins Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Mailer

A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

4.0
2022-01-12 CVE-2022-20616 Jenkins Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Credentials Binding

Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file.

4.0
2022-01-12 CVE-2022-20618 Jenkins Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Bitbucket Branch Source 737.Vdf9Dc06105Be

A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.

4.0
2022-01-12 CVE-2022-20620 Jenkins Exposure of Resource to Wrong Sphere vulnerability in Jenkins SSH Agent

Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.

4.0
2022-01-12 CVE-2022-23109 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins Hashicorp Vault

Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.

4.0
2022-01-12 CVE-2022-23112 Jenkins Missing Authorization vulnerability in Jenkins Publish Over SSH

A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.

4.0
2022-01-12 CVE-2022-23113 Jenkins Path Traversal vulnerability in Jenkins Publish Over SSH

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files.

4.0
2022-01-12 CVE-2021-28376 Chronoengine Path Traversal vulnerability in Chronoengine Chronoforums 7.0.7

ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files.

4.0
2022-01-11 CVE-2021-41767 Apache Information Exposure vulnerability in Apache Guacamole

Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses.

4.0
2022-01-11 CVE-2022-21915 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft products

Windows GDI+ Information Disclosure Vulnerability.

4.0
2022-01-11 CVE-2022-21930 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

4.0
2022-01-11 CVE-2022-21931 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

4.0
2022-01-11 CVE-2021-29701 IBM Exposure of Resource to Wrong Sphere vulnerability in IBM products

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system.

4.0
2022-01-11 CVE-2022-0170 Framasoft Improper Access Control vulnerability in Framasoft Peertube

peertube is vulnerable to Improper Access Control

4.0
2022-01-11 CVE-2022-21671 Replit Information Exposure vulnerability in Replit Crosis

@replit/crosis is a JavaScript client that speaks Replit's container protocol.

4.0
2022-01-10 CVE-2022-0174 Dolibarr Improper Input Validation vulnerability in Dolibarr

dolibarr is vulnerable to Business Logic Errors

4.0
2022-01-10 CVE-2021-43949 Atlassian Information Exposure vulnerability in Atlassian Jira Service Management

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature.

4.0
2022-01-10 CVE-2021-43951 Atlassian Information Exposure vulnerability in Atlassian Jira Service Management

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature.

4.0
2022-01-10 CVE-2022-22701 Partkeepr Information Exposure vulnerability in Partkeepr

PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files.

4.0
2022-01-10 CVE-2022-22702 Partkeepr Server-Side Request Forgery (SSRF) vulnerability in Partkeepr

PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration.

4.0
2022-01-10 CVE-2022-22836 Coreftp Path Traversal vulnerability in Coreftp Core FTP 1.2/2.0

CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.

4.0
2022-01-10 CVE-2021-46148 Mediawiki Information Exposure vulnerability in Mediawiki

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.

4.0
2022-01-10 CVE-2021-46166 Zohocorp Information Exposure vulnerability in Zohocorp Manageengine Desktop Central

Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page.

4.0
2022-01-10 CVE-2021-22060 Vmware
Oracle
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
4.0
2022-01-10 CVE-2021-23173 Philips Exposure of Resource to Wrong Sphere vulnerability in Philips Engage

The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data.

4.0
2022-01-10 CVE-2021-38894 IBM Information Exposure Through an Error Message vulnerability in IBM Security Verify Access 10.0.0/10.0.1.0/10.0.2.0

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

4.0

73 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-01-11 CVE-2022-21900 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Security Feature Bypass Vulnerability.

3.8
2022-01-14 CVE-2021-36781 Opensuse Incorrect Default Permissions vulnerability in Opensuse Factory

A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service.

3.6
2022-01-12 CVE-2022-0012 Paloaltonetworks Link Following vulnerability in Paloaltonetworks Cortex XDR Agent

An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition.

3.6
2022-01-11 CVE-2022-0144 Shelljs Project Improper Privilege Management vulnerability in Shelljs Project Shelljs

shelljs is vulnerable to Improper Privilege Management

3.6
2022-01-10 CVE-2022-22264 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.

3.6
2022-01-10 CVE-2022-22268 Google Files or Directories Accessible to External Parties vulnerability in Google Android

Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode.

3.6
2022-01-10 CVE-2022-22285 Samsung Code Injection vulnerability in Samsung Reminder

A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent.

3.6
2022-01-10 CVE-2022-22286 Samsung Code Injection vulnerability in Samsung Bixby Routines

A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent.

3.6
2022-01-16 CVE-2021-4170 Calibre WEB Project Cross-site Scripting vulnerability in Calibre-Web Project Calibre-Web

calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3.5
2022-01-15 CVE-2020-28919 Tribe29 Cross-site Scripting vulnerability in Tribe29 Checkmk 1.6.0

A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.

3.5
2022-01-14 CVE-2021-36920 Wpchill Cross-site Scripting vulnerability in Wpchill Download Monitor

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6).

3.5
2022-01-13 CVE-2021-43761 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

3.5
2022-01-13 CVE-2021-43764 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

3.5
2022-01-13 CVE-2021-40813 Element IT Cross-site Scripting vulnerability in Element-It Http Commander 3.1.9

A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames.

3.5
2022-01-13 CVE-2022-22123 Fit2Cloud Cross-site Scripting vulnerability in Fit2Cloud Halo

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title.

3.5
2022-01-13 CVE-2022-22124 Fit2Cloud Cross-site Scripting vulnerability in Fit2Cloud Halo

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image.

3.5
2022-01-13 CVE-2022-22125 Halo Cross-site Scripting vulnerability in Halo

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag.

3.5
2022-01-13 CVE-2022-23133 Zabbix
Fedoraproject
Cross-site Scripting vulnerability in multiple products

An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users.

3.5
2022-01-13 CVE-2022-22112 Daybydaycrm Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0

In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI).

3.5
2022-01-12 CVE-2022-20615 Jenkins Cross-site Scripting vulnerability in Jenkins Matrix Project

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.

3.5
2022-01-12 CVE-2022-23108 Jenkins Cross-site Scripting vulnerability in Jenkins Badge

Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

3.5
2022-01-12 CVE-2022-23110 Jenkins Cross-site Scripting vulnerability in Jenkins Publish Over SSH

Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.

3.5
2022-01-12 CVE-2021-43960 Lorensbergs Cross-site Scripting vulnerability in Lorensbergs Connect2 3.13.7647.20190

** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability.

3.5
2022-01-12 CVE-2021-43436 Iresturant Project Cross-site Scripting vulnerability in Iresturant Project Iresturant 1.0

MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field during a login attempt.

3.5
2022-01-12 CVE-2021-44649 Django CMS Cross-site Scripting vulnerability in Django-Cms Django CMS

Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability.

3.5
2022-01-12 CVE-2022-0159 Orchardcore Cross-site Scripting vulnerability in Orchardcore

orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3.5
2022-01-11 CVE-2022-21932 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.0

Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability.

3.5
2022-01-11 CVE-2021-37196 Siemens Path Traversal vulnerability in Siemens Comos

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used).

3.5
2022-01-10 CVE-2022-0157 Phoronix Media
Fedoraproject
Cross-site Scripting vulnerability in multiple products

phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3.5
2022-01-10 CVE-2022-22115 Sismics Cross-site Scripting vulnerability in Sismics Teedy

In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag.

3.5
2022-01-10 CVE-2022-22116 Rangerstudio Cross-site Scripting vulnerability in Rangerstudio Directus

In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality.

3.5
2022-01-10 CVE-2022-22117 Rangerstudio Cross-site Scripting vulnerability in Rangerstudio Directus

In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability.

3.5
2022-01-10 CVE-2021-46146 Mediawiki Cross-site Scripting vulnerability in Mediawiki

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.

3.5
2022-01-10 CVE-2021-46150 Mediawiki Cross-site Scripting vulnerability in Mediawiki

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.

3.5
2022-01-10 CVE-2021-38895 IBM Cross-site Scripting vulnerability in IBM Security Verify Access 10.0.0/10.0.1.0/10.0.2.0

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting.

3.5
2022-01-14 CVE-2022-22054 Asus Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.44266

ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files.

3.3
2022-01-10 CVE-2020-10137 Silabs Insufficient Verification of Data Authenticity vulnerability in Silabs 700 Series Firmware and Uzb-7

Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming events.

3.3
2022-01-10 CVE-2020-9061 Aeotec
Samsung
Silabs
Zooz
Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages.
3.3
2022-01-12 CVE-2022-23105 Jenkins Cleartext Transmission of Sensitive Information vulnerability in Jenkins Active Directory

Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.

2.9
2022-01-13 CVE-2021-40327 Trustedfirmware Missing Authorization vulnerability in Trustedfirmware Trusted Firmware-M 1.4.0

Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control.

2.6
2022-01-12 CVE-2022-20612 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

2.6
2022-01-11 CVE-2022-21929 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

2.6
2022-01-11 CVE-2021-37195 Siemens Cross-site Scripting vulnerability in Siemens Comos

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used).

2.6
2022-01-14 CVE-2021-23566 Nanoid Project Information Exposure vulnerability in Nanoid Project Nanoid

The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.

2.1
2022-01-14 CVE-2021-39628 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0

In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code.

2.1
2022-01-14 CVE-2021-39633 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android

In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access.

2.1
2022-01-14 CVE-2021-39680 Google Use of Uninitialized Resource vulnerability in Google Android

In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data.

2.1
2022-01-14 CVE-2021-44234 SAP Information Exposure Through Log Files vulnerability in SAP Business ONE 10.0

SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

2.1
2022-01-14 CVE-2021-39032 IBM Information Exposure Through Log Files vulnerability in IBM Sterling Gentran 5.3

IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user.

2.1
2022-01-14 CVE-2022-20660 Cisco Cleartext Storage of Sensitive Information vulnerability in Cisco products

A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device.

2.1
2022-01-13 CVE-2021-30314 Qualcomm Exposure of Resource to Wrong Sphere vulnerability in Qualcomm products

Lack of validation for third party application accessing the service can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

2.1
2022-01-12 CVE-2021-45449 Docker Information Exposure Through Log Files vulnerability in Docker Desktop 4.3.0/4.3.1

Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login.

2.1
2022-01-12 CVE-2022-20621 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins Metrics

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

2.1
2022-01-12 CVE-2022-23114 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins Publish Over SSH

Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

2.1
2022-01-12 CVE-2021-35500 Tibco Unspecified vulnerability in Tibco products

The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system.

2.1
2022-01-12 CVE-2022-0013 Paloaltonetworks Information Exposure vulnerability in Paloaltonetworks Cortex XDR Agent

A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file.

2.1
2022-01-11 CVE-2022-21839 Microsoft Resource Exhaustion vulnerability in Microsoft Windows 10 and Windows Server 2019

Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability.

2.1
2022-01-11 CVE-2022-21906 Microsoft Unspecified vulnerability in Microsoft products

Windows Defender Application Control Security Feature Bypass Vulnerability.

2.1
2022-01-11 CVE-2021-44647 LUA
Fedoraproject
Type Confusion vulnerability in multiple products

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.

2.1
2022-01-10 CVE-2022-21823 Ivanti Insecure Storage of Sensitive Information vulnerability in Ivanti Workspace Control

A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector.

2.1
2022-01-10 CVE-2022-22263 Google Improper Privilege Management vulnerability in Google Android 11.0

Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity.

2.1
2022-01-10 CVE-2022-22266 Google Improper Privilege Management vulnerability in Google Android 10.0/11.0/9.0

(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.

2.1
2022-01-10 CVE-2022-22267 Google Files or Directories Accessible to External Parties vulnerability in Google Android

Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.

2.1
2022-01-10 CVE-2022-22269 Google Files or Directories Accessible to External Parties vulnerability in Google Android 10.0/11.0/9.0

Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.

2.1
2022-01-10 CVE-2022-22271 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/9.0

A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.

2.1
2022-01-10 CVE-2022-22272 Google Incorrect Authorization vulnerability in Google Android 10.0/11.0/12.0

Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission

2.1
2022-01-10 CVE-2022-22283 Samsung Insufficient Session Expiration vulnerability in Samsung Health 6.16/6.17/6.19.1.0001

Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App.

2.1
2022-01-10 CVE-2022-22284 Samsung Improper Authentication vulnerability in Samsung Internet

Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication

2.1
2022-01-10 CVE-2022-22287 Samsung Information Exposure vulnerability in Samsung Email

Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox.

2.1
2022-01-10 CVE-2022-22821 Nvidia Path Traversal vulnerability in Nvidia Nemo

NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.

2.1
2022-01-10 CVE-2021-40006 Huawei Inadequate Encryption Strength vulnerability in Huawei Harmonyos 2.0

The fingerprint module has a security risk of brute force cracking.

2.1
2022-01-10 CVE-2021-40041 Huawei Cross-site Scripting vulnerability in Huawei Ws318N-21 Firmware 10.0.2.2/10.0.2.5/10.0.2.6

There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n product when processing network settings.

1.9
2022-01-11 CVE-2021-43566 Samba Race Condition vulnerability in Samba

All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition.

1.2