Weekly Vulnerabilities Reports > January 17 to 23, 2022

Overview

505 new vulnerabilities reported during this period, including 20 critical vulnerabilities and 53 high severity vulnerabilities. This weekly summary report vulnerabilities in 506 products from 155 vendors including Oracle, Netapp, Juniper, Debian, and Fedoraproject. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Reachable Assertion", "Out-of-bounds Write", and "NULL Pointer Dereference".

  • 409 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities have public exploit available.
  • 128 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 312 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 163 reported vulnerabilities.
  • Lexmark has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

20 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-01-21 CVE-2021-46308 Online Railway Reservation System Project SQL Injection vulnerability in Online Railway Reservation System Project Online Railway Reservation System 1.0

An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation Sysytem 1.0 via the sid parameter.

10.0
2022-01-21 CVE-2021-46309 Employee AND Visitor Gate Pass Logging System Project SQL Injection vulnerability in Employee and Visitor Gate Pass Logging System Project Employee and Visitor Gate Pass Logging System 1.0

An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter.

10.0
2022-01-21 CVE-2021-35003 TP Link Stack-based Buffer Overflow vulnerability in Tp-Link Archer C90 Firmware 1.0.6

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers.

10.0
2022-01-21 CVE-2021-35004 TP Link Stack-based Buffer Overflow vulnerability in Tp-Link Tl-Wa1201 Firmware 1.0.1

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points.

10.0
2022-01-21 CVE-2021-46198 Courier Management System Project SQL Injection vulnerability in Courier Management System Project Courier Management System 1.0

An SQL Injection vulnerability exists in Sourceodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app.

10.0
2022-01-21 CVE-2021-46200 Simple Music Cloud Community System Project SQL Injection vulnerability in Simple Music Cloud Community System Project Simple Music Cloud Community System 1.0

An SQL Injection vulnerability exists in Sourcecodester Simple Music Clour Community System 1.0 via the email parameter in /music/ajax.php.

10.0
2022-01-21 CVE-2021-46201 Online Resort Management System Project SQL Injection vulnerability in Online Resort Management System Project Online Resort Management System 1.0

An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameterv in /orms/ node.

10.0
2022-01-21 CVE-2021-46307 Projectworlds SQL Injection vulnerability in Projectworlds Online Examination System 1.0

An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php.

10.0
2022-01-20 CVE-2021-46061 Computer AND Mobile Repair Shop Management System Project SQL Injection vulnerability in Computer and Mobile Repair Shop Management System Project Computer and Mobile Repair Shop Management System 1.0

An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app.

10.0
2022-01-20 CVE-2021-44734 Lexmark Improper Input Validation vulnerability in Lexmark products

Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device.

10.0
2022-01-20 CVE-2021-44735 Lexmark Command Injection vulnerability in Lexmark products

Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.

10.0
2022-01-20 CVE-2021-44736 Lexmark Improper Authentication vulnerability in Lexmark Mc3224I Firmware

The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature.

10.0
2022-01-20 CVE-2021-44738 Lexmark Classic Buffer Overflow vulnerability in Lexmark products

Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.

10.0
2022-01-19 CVE-2022-23221 H2Database
Debian
Code Injection vulnerability in multiple products

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.

10.0
2022-01-21 CVE-2022-23728 Google Unspecified vulnerability in Google Android

Attacker can reset the device with AT Command in the process of rebooting the device.

9.4
2022-01-19 CVE-2021-33912 Libspf2 Project
Debian
Out-of-bounds Write vulnerability in multiple products

libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c.

9.3
2022-01-19 CVE-2021-33913 Libspf2 Project Out-of-bounds Write vulnerability in Libspf2 Project Libspf2

libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c.

9.3
2022-01-19 CVE-2021-31854 Mcafee Command Injection vulnerability in Mcafee Agent

A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe.

9.3
2022-01-18 CVE-2022-23307 Apache
QOS
Deserialization of Untrusted Data vulnerability in multiple products

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw.

9.0
2022-01-17 CVE-2021-38965 IBM OS Command Injection vulnerability in IBM Filenet Content Manager 5.5.4/5.5.6/5.5.7

IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

9.0

53 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-01-20 CVE-2021-44737 Lexmark Path Traversal vulnerability in Lexmark products

PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.

8.3
2022-01-21 CVE-2021-23236 Fresenius Kabi Resource Exhaustion vulnerability in Fresenius-Kabi products

Requests may be used to interrupt the normal operation of the device.

7.8
2022-01-19 CVE-2021-38787 Allwinnertech Integer Overflow or Wraparound vulnerability in Allwinnertech Android Q SDK 1.0

There is an integer overflow in the ION driver "/dev/ion" of Allwinner R818 SoC Android Q SDK V1.0 that could use the ioctl cmd "COMPAT_ION_IOC_SUNXI_FLUSH_RANGE" to cause a system crash (denial of service).

7.8
2022-01-19 CVE-2022-21251 Oracle Unspecified vulnerability in Oracle Installed Base

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Instance Main).

7.8
2022-01-18 CVE-2021-38784 Allwinnertech NULL Pointer Dereference vulnerability in Allwinnertech Android Q SDK 1.0

There is a NULL pointer dereference in the syscall open_exec function of Allwinner R818 SoC Android Q SDK V1.0 that could executable a malicious file to cause a system crash.

7.8
2022-01-18 CVE-2021-38785 Allwinnertech NULL Pointer Dereference vulnerability in Allwinnertech Android Q SDK 1.0

There is a NULL pointer deference in the Allwinner R818 SoC Android Q SDK V1.0 camera driver /dev/cedar_dev that could use the ioctl cmd IOCTL_GET_IOMMU_ADDR to cause a system crash.

7.8
2022-01-18 CVE-2021-38783 Allwinnertech Out-of-bounds Write vulnerability in Allwinnertech Android Q SDK 1.0

There is a Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK V1.0 camera driver "/dev/cedar_dev" through iotcl cmd IOCTL_SET_PROC_INFO and IOCTL_COPY_PROC_INFO, which could cause a system crash or EoP.

7.8
2022-01-23 CVE-2021-46024 Projectworlds SQL Injection vulnerability in Projectworlds Online-Shopping-Webvsite-In-PHP 1.0

Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php, No login is required.

7.5
2022-01-21 CVE-2022-23363 Online Banking System Project SQL Injection vulnerability in Online Banking System Project Online Banking System 1.0

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php.

7.5
2022-01-21 CVE-2022-23364 HMS Project SQL Injection vulnerability in HMS Project HMS 1.0

HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php.

7.5
2022-01-21 CVE-2022-23365 HMS Project SQL Injection vulnerability in HMS Project HMS 1.0

HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php.

7.5
2022-01-21 CVE-2022-23366 HMS Project SQL Injection vulnerability in HMS Project HMS 1.0

HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.

7.5
2022-01-21 CVE-2022-22553 Dell Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Appsync

Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI.

7.5
2022-01-21 CVE-2021-23518 Cached Path Relative Project Unspecified vulnerability in Cached-Path-Relative Project Cached-Path-Relative 1.0.0/1.0.1/1.0.2

The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path.

7.5
2022-01-21 CVE-2021-40595 Online Leave Management System Project SQL Injection vulnerability in Online Leave Management System Project Online Leave Management System 1.0

SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php.

7.5
2022-01-21 CVE-2021-23196 Fresenius Kabi Insufficiently Protected Credentials vulnerability in Fresenius-Kabi products

The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently.

7.5
2022-01-21 CVE-2021-23233 Fresenius Kabi Use of Hard-coded Credentials vulnerability in Fresenius-Kabi products

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie.

7.5
2022-01-21 CVE-2021-40247 Budget AND Expense Tracker System Project SQL Injection vulnerability in Budget and Expense Tracker System Project Budget and Expense Tracker System 1.0

SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field.

7.5
2022-01-21 CVE-2021-43355 Fresenius Kabi Improper Authentication vulnerability in Fresenius-Kabi products

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server.

7.5
2022-01-21 CVE-2022-23128 Iconics
Mitsubishielectric
Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products.
7.5
2022-01-21 CVE-2020-4877 IBM Incorrect Authorization vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes.

7.5
2022-01-21 CVE-2020-4879 IBM Improper Authentication vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies.

7.5
2022-01-21 CVE-2021-40855 Europa Improper Certificate Validation vulnerability in Europa Technical Specifications for Digital Covid Certificates

The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance.

7.5
2022-01-21 CVE-2022-0318 VIM Heap-based Buffer Overflow vulnerability in VIM

Heap-based Buffer Overflow in vim/vim prior to 8.2.

7.5
2022-01-21 CVE-2022-0329 Loguru Project Code Injection vulnerability in Loguru Project Loguru

Code Injection in PyPi loguru prior to and including 0.5.3.

7.5
2022-01-21 CVE-2022-22928 Mingsoft Use of Hard-coded Credentials vulnerability in Mingsoft Mcms 5.2.4

MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code.

7.5
2022-01-21 CVE-2022-22929 Mingsoft Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.4

MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.

7.5
2022-01-21 CVE-2022-22930 Mingsoft Unspecified vulnerability in Mingsoft Mcms 5.2.4

A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.

7.5
2022-01-21 CVE-2022-23314 Mingsoft SQL Injection vulnerability in Mingsoft Mcms 5.2.4

MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do.

7.5
2022-01-21 CVE-2022-23315 Mingsoft Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.4

MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do.

7.5
2022-01-20 CVE-2021-44090 Sourcecodester Online Reviewer System Project SQL Injection vulnerability in Sourcecodester Online Reviewer System Project Sourcecodester Online Reviewer System 1.0

An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter.

7.5
2022-01-20 CVE-2021-44092 Pharmacy Management Project SQL Injection vulnerability in Pharmacy Management Project Pharmacy Management 1.0

An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username parameter in the administer login form.

7.5
2022-01-20 CVE-2021-44244 Sourcecodester Logistic HUB Parcel S Management System Project SQL Injection vulnerability in Sourcecodester Logistic HUB Parcel'S Management System Project Sourcecodester Logistic HUB Parcel'S Management System 1.0

An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php.

7.5
2022-01-20 CVE-2021-44245 Covid 19 Testing Management System Project SQL Injection vulnerability in Covid 19 Testing Management System Project Covid 19 Testing Management System 1.0

An SQL Injection vulnerability exists in Courcecodester COVID 19 Testing Management System (CTMS) 1.0 via the (1) username and (2) contactno parameters.

7.5
2022-01-19 CVE-2022-21679 Istio Always-Incorrect Control Flow Implementation vulnerability in Istio 1.12.0/1.12.1

Istio is an open platform to connect, manage, and secure microservices.

7.5
2022-01-19 CVE-2021-46204 Taogogo SQL Injection vulnerability in Taogogo Taocms 3.0.2

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.

7.5
2022-01-19 CVE-2021-35587 Oracle Unspecified vulnerability in Oracle Access Manager 11.1.2.3.0/12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent).

7.5
2022-01-19 CVE-2022-21275 Oracle Unspecified vulnerability in Oracle Communications Billing and Revenue Management 12.0.0.3.0/12.0.0.4.0

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager).

7.5
2022-01-19 CVE-2022-21306 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

7.5
2022-01-19 CVE-2022-21389 Oracle Unspecified vulnerability in Oracle Communications Billing and Revenue Management 12.0.0.3.0/12.0.0.4.0

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager).

7.5
2022-01-19 CVE-2022-21390 Oracle Unspecified vulnerability in Oracle Communications Billing and Revenue Management 12.0.0.3.0/12.0.0.4.0

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Webservices Manager).

7.5
2022-01-18 CVE-2021-46013 Free School Management Software Project Unrestricted Upload of File with Dangerous Type vulnerability in Free School Management Software Project Free School Management Software 1.0

An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0.

7.5
2022-01-18 CVE-2021-29215 HPE Unspecified vulnerability in HPE TEZ

A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9: mapr-tez-0.9.201907090334-1.noarch; prior to Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch.

7.5
2022-01-18 CVE-2021-38697 Softvibe Unrestricted Upload of File with Dangerous Type vulnerability in Softvibe Saraban 1.1

SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload, that allows attackers to upload files with any file extension which can lead to arbitrary code execution.

7.5
2022-01-18 CVE-2021-22566 Google Improper Authentication vulnerability in Google Fuchsia

An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable pages being mapped as executable from an unprivileged context.

7.5
2022-01-17 CVE-2021-4171 Calibre WEB Project Unspecified vulnerability in Calibre-Web Project Calibre-Web

calibre-web is vulnerable to Business Logic Errors

7.5
2022-01-17 CVE-2022-0239 Stanford XXE vulnerability in Stanford Corenlp

corenlp is vulnerable to Improper Restriction of XML External Entity Reference

7.5
2022-01-21 CVE-2022-23220 Usbview Project Improper Authentication vulnerability in Usbview Project Usbview

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement.

7.2
2022-01-21 CVE-2022-21933 Asus Improper Input Validation vulnerability in Asus products

ASUS VivoMini/Mini PC device has an improper input validation vulnerability.

7.2
2022-01-20 CVE-2021-45417 Advanced Intrusion Detection Environment Project
Redhat
Fedoraproject
Canonical
Debian
Out-of-bounds Write vulnerability in multiple products

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

7.2
2022-01-19 CVE-2021-42810 Thalesgroup Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Thalesgroup Safenet Authentication Service Remote Desktop Gateway

A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed.

7.2
2022-01-19 CVE-2022-21392 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.4.0.0/13.5.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework).

7.2
2022-01-19 CVE-2022-0166 Mcafee Improper Privilege Management vulnerability in Mcafee Agent

A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5.

7.2

351 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-01-20 CVE-2022-23120 Trendmicro Code Injection vulnerability in Trendmicro Deep Security Agent 10.0/11.0

A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root.

6.9
2022-01-19 CVE-2022-22162 Juniper Information Exposure Through an Error Message vulnerability in Juniper Junos

A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to elevate these to the level of any other user logged in via J-Web at this time, potential leading to a full compromise of the device.

6.9
2022-01-18 CVE-2021-4083 Linux
Netapp
Debian
Use After Free vulnerability in multiple products

A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition.

6.9
2022-01-23 CVE-2022-23850 Epub2Txt Project Out-of-bounds Write vulnerability in Epub2Txt Project Epub2Txt

xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buffer overflow via a crafted EPUB document.

6.8
2022-01-21 CVE-2021-46242 Hdfgroup Use After Free vulnerability in Hdfgroup Hdf5 1.13.11

HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.

6.8
2022-01-21 CVE-2021-44593 Simple College Website Project SQL Injection vulnerability in Simple College Website Project Simple College Website 1.0

Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php.

6.8
2022-01-21 CVE-2022-22893 Jerryscript Out-of-bounds Write vulnerability in Jerryscript 3.0.0

Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core/vm/vm.c.

6.8
2022-01-21 CVE-2022-22894 Jerryscript Out-of-bounds Write vulnerability in Jerryscript 3.0.0

Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/ecma/base/ecma-lcache.c.

6.8
2022-01-21 CVE-2022-22895 Jerryscript Out-of-bounds Write vulnerability in Jerryscript 3.0.0

Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecma/base/ecma-helpers-conversion.c.

6.8
2022-01-20 CVE-2022-22888 Jerryscript Out-of-bounds Write vulnerability in Jerryscript 3.0.0

Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/operations/ecma-objects.c.

6.8
2022-01-20 CVE-2021-46324 Espruino Out-of-bounds Write vulnerability in Espruino 2.11.251

Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString.

6.8
2022-01-20 CVE-2021-46325 Espruino Out-of-bounds Write vulnerability in Espruino 2.10.246

Espruino 2v10.246 was discovered to contain a stack buffer overflow via src/jsutils.c in vcbprintf.

6.8
2022-01-20 CVE-2021-46326 Moddable Out-of-bounds Write vulnerability in Moddable SDK 11.5.0

Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via the component __asan_memcpy.

6.8
2022-01-20 CVE-2021-46328 Moddable Out-of-bounds Write vulnerability in Moddable SDK 11.5.0

Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via the component __libc_start_main.

6.8
2022-01-20 CVE-2021-46332 Moddable Out-of-bounds Write vulnerability in Moddable SDK 11.5.0

Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via xs/sources/xsDataView.c in fxUint8Getter.

6.8
2022-01-20 CVE-2021-46334 Moddable Out-of-bounds Write vulnerability in Moddable SDK 11.5.0

Moddable SDK v11.5.0 was discovered to contain a stack buffer overflow via the component __interceptor_strcat.

6.8
2022-01-19 CVE-2022-21253 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
6.8
2022-01-19 CVE-2022-21256 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).
6.8
2022-01-19 CVE-2022-22167 Juniper Incorrect Authorization vulnerability in Juniper Junos

A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device.

6.8
2022-01-18 CVE-2021-43353 Crisp Cross-Site Request Forgery (CSRF) vulnerability in Crisp Live Chat

The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the ~/crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31.

6.8
2022-01-18 CVE-2022-0215 Xootix Cross-Site Request Forgery (CSRF) vulnerability in Xootix products

The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it possible for attackers to update arbitrary options on a site that can be used to create an administrative user account and grant full privileged access to a compromised site.

6.8
2022-01-18 CVE-2022-0261 VIM Heap-based Buffer Overflow vulnerability in VIM

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

6.8
2022-01-18 CVE-2022-23305 Apache
Netapp
Broadcom
QOS
SQL Injection vulnerability in multiple products

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout.

6.8
2022-01-18 CVE-2021-45394 Html2Pdf Project Server-Side Request Forgery (SSRF) vulnerability in Html2Pdf Project Html2Pdf

An issue was discovered in Spipu HTML2PDF before 5.2.4.

6.8
2022-01-17 CVE-2021-4164 Calibre WEB Project Cross-Site Request Forgery (CSRF) vulnerability in Calibre-Web Project Calibre-Web

calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)

6.8
2022-01-17 CVE-2022-0180 Expresstech Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Quiz and Survey Master

Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page.

6.8
2022-01-17 CVE-2022-23303 W1 FI
Fedoraproject
Information Exposure Through Discrepancy vulnerability in multiple products

The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns.

6.8
2022-01-17 CVE-2022-23304 W1 FI
Fedoraproject
Information Exposure Through Discrepancy vulnerability in multiple products

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns.

6.8
2022-01-21 CVE-2021-33846 Fresenius Kabi Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fresenius-Kabi products

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key.

6.5
2022-01-21 CVE-2021-44464 Fresenius Kabi Use of Hard-coded Credentials vulnerability in Fresenius-Kabi products

Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains service credentials likely to be common across all instances.

6.5
2022-01-21 CVE-2022-0323 Mustache Project Unspecified vulnerability in Mustache Project Mustache

Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1.

6.5
2022-01-20 CVE-2021-43269 Code42 Injection vulnerability in Code42

In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution.

6.5
2022-01-19 CVE-2022-23046 Phpipam SQL Injection vulnerability in PHPipam 1.4.4

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php

6.5
2022-01-19 CVE-2021-45808 Jpress Unrestricted Upload of File with Dangerous Type vulnerability in Jpress 4.2.0

jpress v4.2.0 allows users to register an account by default.

6.5
2022-01-19 CVE-2021-35683 Oracle Unspecified vulnerability in Oracle Essbase Administration Services 11.1.2.3/11.1.2.4.046

Vulnerability in the Oracle Essbase Administration Services product of Oracle Essbase (component: EAS Console).

6.5
2022-01-19 CVE-2022-21276 Oracle Unspecified vulnerability in Oracle Communications Billing and Revenue Management 12.0.0.3.0/12.0.0.4.0

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager).

6.5
2022-01-19 CVE-2022-21368 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).
6.5
2022-01-19 CVE-2022-21391 Oracle Unspecified vulnerability in Oracle Communications Billing and Revenue Management 12.0.0.3.0/12.0.0.4.0

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager).

6.5
2022-01-19 CVE-2022-21395 Oracle Unspecified vulnerability in Oracle Communications Operations Monitor

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine).

6.5
2022-01-19 CVE-2022-21399 Oracle Unspecified vulnerability in Oracle Communications Operations Monitor

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine).

6.5
2022-01-19 CVE-2022-21401 Oracle Unspecified vulnerability in Oracle Communications Operations Monitor

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine).

6.5
2022-01-19 CVE-2022-21403 Oracle Unspecified vulnerability in Oracle Communications Operations Monitor

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine).

6.5
2022-01-18 CVE-2021-41550 Leostream Unrestricted Upload of File with Dangerous Type vulnerability in Leostream Connection Broker 9.0.40.17

Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code.

6.5
2022-01-18 CVE-2021-33965 Chinamobile Command Injection vulnerability in Chinamobile AN Lianbao Wf-1 Firmware 1.0.1

China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/set_ZRMesh which receives parameters by POST request, and the parameter mesh_enable and mesh_device have a command injection vulnerability.

6.5
2022-01-18 CVE-2021-33964 Chinamobile Command Injection vulnerability in Chinamobile AN Lianbao Wf-1 Firmware 1.0.1

China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter/set_firewall_level which receives parameters by POST request, and the parameter firewall_level has a command injection vulnerability.

6.5
2022-01-17 CVE-2022-0258 Pimcore SQL Injection vulnerability in Pimcore

pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

6.5
2022-01-17 CVE-2021-25036 Aioseo Improper Authentication vulnerability in Aioseo ALL in ONE SEO

The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access to protected REST API endpoints they shouldn’t have access to.

6.5
2022-01-21 CVE-2021-31562 Fresenius Kabi Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fresenius-Kabi products

The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways.

6.4
2022-01-21 CVE-2020-4875 IBM XXE vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

6.4
2022-01-21 CVE-2020-4876 IBM XXE vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

6.4
2022-01-19 CVE-2022-22310 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 21.0.0.10/21.0.0.12

IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security.

6.4
2022-01-19 CVE-2022-21252 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples).

6.4
2022-01-19 CVE-2022-21347 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

6.4
2022-01-19 CVE-2022-21350 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

6.4
2022-01-19 CVE-2022-21353 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

6.4
2022-01-18 CVE-2022-23408 Wolfssl Use of Insufficiently Random Values vulnerability in Wolfssl

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations.

6.4
2022-01-18 CVE-2022-0172 Gitlab Incorrect Authorization vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3.

6.4
2022-01-18 CVE-2021-44757 Zohocorp Improper Authentication vulnerability in Zohocorp products

Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.

6.4
2022-01-19 CVE-2022-21254 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
6.3
2022-01-19 CVE-2022-22168 Juniper Improper Validation of Specified Type of Input vulnerability in Juniper Junos

An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to trigger a Missing Release of Memory after Effective Lifetime vulnerability.

6.1
2022-01-19 CVE-2022-21701 Istio Incorrect Authorization vulnerability in Istio 1.12.0/1.12.1

Istio is an open platform to connect, manage, and secure microservices.

6.0
2022-01-19 CVE-2022-22769 Tibco Cross-site Scripting vulnerability in Tibco EBX

The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-ons, TIBCO EBX Add-ons, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system.

6.0
2022-01-19 CVE-2022-21263 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Fault Management Architecture).

6.0
2022-01-19 CVE-2022-21363 Oracle Unspecified vulnerability in Oracle Mysql Connectors

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).

6.0
2022-01-19 CVE-2022-0266 Livehelperchat Authorization Bypass Through User-Controlled Key vulnerability in Livehelperchat Live Helper Chat

Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v.

6.0
2022-01-18 CVE-2022-0154 Gitlab Cross-Site Request Forgery (CSRF) vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2.

6.0
2022-01-18 CVE-2022-23302 Apache
Netapp
Broadcom
QOS
Deserialization of Untrusted Data vulnerability in multiple products

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to.

6.0
2022-01-17 CVE-2022-0242 Craterapp Unrestricted Upload of File with Dangerous Type vulnerability in Craterapp Crater

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.

6.0
2022-01-21 CVE-2022-22551 Dell Session Fixation vulnerability in Dell EMC Appsync

DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings.

5.8
2022-01-21 CVE-2022-22552 Dell Improper Restriction of Rendered UI Layers or Frames vulnerability in Dell EMC Appsync

Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync.

5.8
2022-01-19 CVE-2022-21257 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples).

5.8
2022-01-19 CVE-2022-21258 Oracle Unspecified vulnerability in Oracle Weblogic Server 14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples).

5.8
2022-01-19 CVE-2022-21259 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples).

5.8
2022-01-19 CVE-2022-21260 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples).

5.8
2022-01-19 CVE-2022-21261 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples).

5.8
2022-01-19 CVE-2022-21262 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples).

5.8
2022-01-19 CVE-2022-21269 Oracle Unspecified vulnerability in Oracle Primavera Portfolio Management

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access).

5.8
2022-01-19 CVE-2022-21272 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.57/8.58/8.59

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).

5.8
2022-01-19 CVE-2022-21354 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Interface).

5.8
2022-01-19 CVE-2022-21359 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.57/8.58/8.59

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Optimization Framework).

5.8
2022-01-19 CVE-2022-21361 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps).

5.8
2022-01-19 CVE-2022-21369 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.57/8.58/8.59

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor).

5.8
2022-01-19 CVE-2022-21373 Oracle Unspecified vulnerability in Oracle Partner Management

Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Reseller Locator).

5.8
2022-01-19 CVE-2022-21376 Oracle Unspecified vulnerability in Oracle Primavera Portfolio Management

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access).

5.8
2022-01-19 CVE-2022-21377 Oracle Unspecified vulnerability in Oracle Primavera Portfolio Management

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web API).

5.8
2022-01-19 CVE-2022-21386 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container).

5.8
2022-01-19 CVE-2022-22156 Juniper Man-in-the-Middle vulnerability in Juniper Junos

An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device.

5.8
2022-01-19 CVE-2022-22157 Juniper Incorrect Authorization vulnerability in Juniper Junos

A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device.

5.8
2022-01-17 CVE-2021-24838 Bologer Open Redirect vulnerability in Bologer Anycomment

The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.

5.8
2022-01-21 CVE-2022-21707 Wasmcloud Incorrect Authorization vulnerability in Wasmcloud Host Runtime

wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly (WASM) actors and capability providers.

5.5
2022-01-19 CVE-2022-21250 Oracle Unspecified vulnerability in Oracle Trade Management

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts).

5.5
2022-01-19 CVE-2022-21255 Oracle Unspecified vulnerability in Oracle Configurator

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: UI Servlet).

5.5
2022-01-19 CVE-2022-21265 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
5.5
2022-01-19 CVE-2022-21273 Oracle Unspecified vulnerability in Oracle Project Costing

Vulnerability in the Oracle Project Costing product of Oracle E-Business Suite (component: Expenses, Currency Override).

5.5
2022-01-19 CVE-2022-21274 Oracle Unspecified vulnerability in Oracle Sourcing

Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Intelligence, RFx Creation).

5.5
2022-01-19 CVE-2022-21278 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
5.5
2022-01-19 CVE-2022-21301 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).
5.5
2022-01-19 CVE-2022-21351 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
5.5
2022-01-19 CVE-2022-21367 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling).
5.5
2022-01-19 CVE-2022-21378 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
5.5
2022-01-19 CVE-2022-21381 Oracle Unspecified vulnerability in Oracle Enterprise Session Border Controller 8.4/9.0

Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: WebUI).

5.5
2022-01-21 CVE-2021-36338 Dell Incorrect Resource Transfer Between Spheres vulnerability in Dell products

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability.

5.2
2022-01-21 CVE-2021-39480 Bingrep Project Allocation of Resources Without Limits or Throttling vulnerability in Bingrep Project Bingrep 0.8.5

Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS).

5.0
2022-01-21 CVE-2022-23837 Contribsys
Debian
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph.

5.0
2022-01-21 CVE-2021-23460 Camunda Unspecified vulnerability in Camunda Min-Dash

The package min-dash before 3.8.1 are vulnerable to Prototype Pollution via the set method due to missing enforcement of key types.

5.0
2022-01-21 CVE-2021-23631 Convert SVG Core Project Path Traversal vulnerability in Convert-Svg-Core Project Convert-Svg-Core

This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg.

5.0
2022-01-21 CVE-2021-23664 Isomorphic GIT Server-Side Request Forgery (SSRF) vulnerability in Isomorphic-Git Cors-Proxy

The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js.

5.0
2022-01-21 CVE-2021-23195 Fresenius Kabi Information Exposure vulnerability in Fresenius-Kabi products

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated.

5.0
2022-01-21 CVE-2021-33843 Fresenius Kabi Improper Authentication vulnerability in Fresenius-Kabi Agilia SP MC Wifi Firmware D25

Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication.

5.0
2022-01-21 CVE-2021-41835 Fresenius Kabi Cleartext Transmission of Sensitive Information vulnerability in Fresenius-Kabi products

Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption.

5.0
2022-01-21 CVE-2020-19861 Nlnetlabs Classic Buffer Overflow vulnerability in Nlnetlabs Ldns 1.7.1

When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file.

5.0
2022-01-21 CVE-2020-19858 Plutinosoft Path Traversal vulnerability in Plutinosoft Platinum

Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability.

5.0
2022-01-20 CVE-2022-22890 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT && arguments_type != SCANNER_ARGUMENTS_PRESENT_NO_REG' failed at /jerry-core/parser/js/js-scanner-util.c in Jerryscript 3.0.0.

5.0
2022-01-20 CVE-2020-23315 Microsoft Unspecified vulnerability in Microsoft Chakracore 1.12.0.0

There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta.

5.0
2022-01-20 CVE-2021-46338 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

There is an Assertion 'ecma_is_lexical_environment (object_p)' failed at /base/ecma-helpers.c(ecma_get_lex_env_type) in JerryScript 3.0.0.

5.0
2022-01-20 CVE-2021-34600 Telenot Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Telenot Compasx

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users.

5.0
2022-01-20 CVE-2022-0282 Microweber Code Injection vulnerability in Microweber

Code Injection in Packagist microweber/microweber prior to 1.2.11.

5.0
2022-01-20 CVE-2022-0281 Microweber Information Exposure vulnerability in Microweber

Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.

5.0
2022-01-19 CVE-2021-38789 Allwinnertech Incorrect Authorization vulnerability in Allwinnertech Android Q SDK 1.0

Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that does not check the caller's permission, in which a third-party app could change system settings.

5.0
2022-01-19 CVE-2021-38788 Allwinnertech Resource Exhaustion vulnerability in Allwinnertech Android Q SDK 1.0

The Background service in Allwinner R818 SoC Android Q SDK V1.0 is used to manage background applications.

5.0
2022-01-19 CVE-2021-46104 Webp Path Traversal vulnerability in Webp Server GO 0.4.0

An issue was discovered in webp_server_go 0.4.0.

5.0
2022-01-19 CVE-2021-35687 Oracle Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Unified Metadata Manager).

5.0
2022-01-19 CVE-2021-38786 Allwinnertech NULL Pointer Dereference vulnerability in Allwinnertech Android Q SDK 1.0

There is a NULL pointer dereference in media/libcedarc/vdecoder of Allwinner R818 SoC Android Q SDK V1.0, which could cause a media crash (denial of service).

5.0
2022-01-19 CVE-2022-21266 Oracle Unspecified vulnerability in Oracle Communications Billing and Revenue Management 12.0.0.3.0/12.0.0.4.0

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager).

5.0
2022-01-19 CVE-2022-21271 Oracle
Netapp
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).
5.0
2022-01-19 CVE-2022-21277 Oracle
Debian
Netapp
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO).
5.0
2022-01-19 CVE-2022-21282 Oracle
Debian
Netapp
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP).
5.0
2022-01-19 CVE-2022-21283 Oracle
Debian
Fedoraproject
Netapp
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).
5.0
2022-01-19 CVE-2022-21291 Oracle
Debian
Netapp
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).
5.0
2022-01-19 CVE-2022-21292 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples).

5.0
2022-01-19 CVE-2022-21293 Oracle
Debian
Fedoraproject
Netapp
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).
5.0
2022-01-19 CVE-2022-21294 Oracle
Netapp
Debian
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).
5.0
2022-01-19 CVE-2022-21296 Oracle
Netapp
Debian
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP).
5.0
2022-01-19 CVE-2022-21299 Oracle
Netapp
Debian
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP).
5.0
2022-01-19 CVE-2022-21300 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise CS SA Integration Pack 9.0/9.2

Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack product of Oracle PeopleSoft (component: Snapshot Integration).

5.0
2022-01-19 CVE-2022-21305 Oracle
Netapp
Debian
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).
5.0
2022-01-19 CVE-2022-21340 Oracle
Netapp
Debian
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).
5.0
2022-01-19 CVE-2022-21341 Oracle
Netapp
Debian
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization).
5.0
2022-01-19 CVE-2022-21346 Oracle Unspecified vulnerability in Oracle BI Publisher 12.2.1.3.0/12.2.1.4.0/5.5.0.0.0

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security).

5.0
2022-01-19 CVE-2022-21349 Oracle
Netapp
Debian
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D).
5.0
2022-01-19 CVE-2022-21360 Oracle
Netapp
Debian
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO).
5.0
2022-01-19 CVE-2022-21364 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.57/8.58/8.59

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Weblogic).

5.0
2022-01-19 CVE-2022-21365 Oracle
Debian
Netapp
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO).
5.0
2022-01-19 CVE-2022-21366 Oracle
Netapp
Debian
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO).
5.0
2022-01-19 CVE-2022-21371 Oracle Path Traversal vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container).

5.0
2022-01-19 CVE-2022-21387 Oracle Unspecified vulnerability in Oracle Commerce Platform 11.3.0/11.3.1/11.3.2

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework).

5.0
2022-01-19 CVE-2022-22153 Juniper Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos

An Insufficient Algorithmic Complexity combined with an Allocation of Resources Without Limits or Throttling vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 allows an unauthenticated network attacker to cause latency in transit packet processing and even packet loss.

5.0
2022-01-19 CVE-2022-22159 Juniper Resource Exhaustion vulnerability in Juniper Junos

A vulnerability in the NETISR network queue functionality of Juniper Networks Junos OS kernel allows an attacker to cause a Denial of Service (DoS) by sending crafted genuine packets to a device.

5.0
2022-01-19 CVE-2022-22161 Juniper Resource Exhaustion vulnerability in Juniper Junos

An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port.

5.0
2022-01-19 CVE-2022-22164 Juniper Improper Initialization vulnerability in Juniper Junos OS Evolved 20.4/21.1/21.2

An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not take effect as expected, resulting in the telnet service staying enabled.

5.0
2022-01-19 CVE-2022-22170 Juniper Missing Release of Resource after Effective Lifetime vulnerability in Juniper Junos

A Missing Release of Resource after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause heap memory to leak and on exhaustion the PFE to reset.

5.0
2022-01-19 CVE-2022-22171 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause the PFE to reset.

5.0
2022-01-19 CVE-2022-22173 Juniper Memory Leak vulnerability in Juniper Junos

A Missing Release of Memory after Effective Lifetime vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS).

5.0
2022-01-19 CVE-2022-22174 Juniper Improper Handling of Exceptional Conditions vulnerability in Juniper Junos

A vulnerability in the processing of inbound IPv6 packets in Juniper Networks Junos OS on QFX5000 Series and EX4600 switches may cause the memory to not be freed, leading to a packet DMA memory leak, and eventual Denial of Service (DoS) condition.

5.0
2022-01-19 CVE-2022-22177 Juniper Improper Handling of Exceptional Conditions vulnerability in Juniper Junos 12.3/15.1

A release of illegal memory vulnerability in the snmpd daemon of Juniper Networks Junos OS, Junos OS Evolved allows an attacker to halt the snmpd daemon causing a sustained Denial of Service (DoS) to the service until it is manually restarted.

5.0
2022-01-19 CVE-2022-22178 Juniper Stack-based Buffer Overflow vulnerability in Juniper Junos

A Stack-based Buffer Overflow vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on MX Series and SRX series allows an unauthenticated networked attacker to cause a flowd crash and thereby a Denial of Service (DoS).

5.0
2022-01-19 CVE-2022-22180 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos

An Improper Check for Unusual or Exceptional Conditions vulnerability in the processing of specific IPv6 packets on certain EX Series devices may lead to exhaustion of DMA memory causing a Denial of Service (DoS).

5.0
2022-01-19 CVE-2022-23435 Android GIF Drawable Project Unspecified vulnerability in Android-Gif-Drawable Project Android-Gif-Drawable

decoding.c in android-gif-drawable before 1.2.24 does not limit the maximum length of a comment, leading to denial of service.

5.0
2022-01-18 CVE-2022-21694 Onionshare Incorrect Permission Assignment for Critical Resource vulnerability in Onionshare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network.

5.0
2022-01-18 CVE-2022-21700 Objectcomputing Resource Exhaustion vulnerability in Objectcomputing Micronaut

Micronaut is a JVM-based, full stack Java framework designed for building JVM web applications with support for Java, Kotlin and the Groovy language.

5.0
2022-01-18 CVE-2022-21689 Onionshare Resource Exhaustion vulnerability in Onionshare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network.

5.0
2022-01-18 CVE-2022-21695 Onionshare Improper Authentication vulnerability in Onionshare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network.

5.0
2022-01-18 CVE-2021-44838 Deltarm Exposure of Resource to Wrong Sphere vulnerability in Deltarm Delta RM 1.2

An issue was discovered in Delta RM 1.2.

5.0
2022-01-18 CVE-2020-14107 MI Out-of-bounds Write vulnerability in MI Xiaomi Mirror Screen

A stack overflow in the HTTP server of Cast can be exploited to make the app crash in LAN.

5.0
2022-01-18 CVE-2021-29632 Freebsd Unspecified vulnerability in Freebsd 12.2/13.0

In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the system console or other kernel memory.

5.0
2022-01-18 CVE-2021-37866 Mattermost Insufficient Session Expiration vulnerability in Mattermost Boards

Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Boards, which allows an attacker to reuse old session token for authorization.

5.0
2022-01-18 CVE-2021-41807 M Files Improper Restriction of Excessive Authentication Attempts vulnerability in M-Files Server and M-Files web

Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier.

5.0
2022-01-18 CVE-2022-0090 Gitlab Improper Privilege Management vulnerability in Gitlab

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.

5.0
2022-01-18 CVE-2022-0151 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2.

5.0
2022-01-18 CVE-2022-0236 Vjinfotech Missing Authorization vulnerability in Vjinfotech WP Import Export and WP Import Export Lite

The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file.

5.0
2022-01-18 CVE-2022-0244 Gitlab Files or Directories Accessible to External Parties vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5.

5.0
2022-01-18 CVE-2022-22690 Umbraco HTTP Request Smuggling vulnerability in Umbraco CMS

Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL pointing back to the site.

5.0
2022-01-18 CVE-2021-38696 Softvibe Improper Authentication vulnerability in Softvibe Saraban 1.1

SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerability, that allows attackers to access signature files on the application without any authentication.

5.0
2022-01-18 CVE-2021-38694 Softvibe SQL Injection vulnerability in Softvibe Saraban 1.1

SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection.

5.0
2022-01-17 CVE-2022-0240 Mruby NULL Pointer Dereference vulnerability in Mruby

mruby is vulnerable to NULL Pointer Dereference

5.0
2022-01-21 CVE-2021-4032 Linux Incomplete Cleanup vulnerability in Linux Kernel

A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected.

4.9
2022-01-19 CVE-2022-21242 Oracle Unspecified vulnerability in Oracle Primavera Portfolio Management

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access).

4.9
2022-01-19 CVE-2022-21246 Oracle Unspecified vulnerability in Oracle Communications Operations Monitor

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine).

4.9
2022-01-19 CVE-2022-21281 Oracle Unspecified vulnerability in Oracle Primavera Portfolio Management

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access).

4.9
2022-01-19 CVE-2022-21338 Oracle Unspecified vulnerability in Oracle Communications Convergence 3.0.2.2.0

Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: General Framework).

4.9
2022-01-19 CVE-2022-21352 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
4.9
2022-01-19 CVE-2022-21375 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel).

4.9
2022-01-19 CVE-2022-21396 Oracle Unspecified vulnerability in Oracle Communications Operations Monitor

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine).

4.9
2022-01-19 CVE-2022-21397 Oracle Unspecified vulnerability in Oracle Communications Operations Monitor

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine).

4.9
2022-01-19 CVE-2022-21398 Oracle Unspecified vulnerability in Oracle Communications Operations Monitor

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine).

4.9
2022-01-19 CVE-2022-21400 Oracle Unspecified vulnerability in Oracle Communications Operations Monitor

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine).

4.9
2022-01-19 CVE-2022-21402 Oracle Unspecified vulnerability in Oracle Communications Operations Monitor

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine).

4.9
2022-01-18 CVE-2021-34405 Nvidia NULL Pointer Dereference vulnerability in Nvidia Shield Experience

NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEE_Malloc function, where an unchecked return value causing a null pointer dereference may lead to denial of service.

4.9
2022-01-21 CVE-2021-4001 Linux Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Linux Kernel

A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c.

4.7
2022-01-18 CVE-2021-34406 Nvidia NULL Pointer Dereference vulnerability in Nvidia Shield Experience

NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a specific race condition can lead to a null pointer dereference, which may lead to a system reboot.

4.7
2022-01-21 CVE-2021-36339 Dell Improper Privilege Management vulnerability in Dell products

The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts.

4.6
2022-01-19 CVE-2022-21699 Ipython
Debian
Fedoraproject
Incorrect Execution-Assigned Permissions vulnerability in multiple products

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language.

4.6
2022-01-19 CVE-2021-23843 Bosch Missing Authentication for Critical Function vulnerability in Bosch products

The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices.

4.6
2022-01-19 CVE-2022-21316 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.6
2022-01-19 CVE-2022-21318 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.6
2022-01-19 CVE-2022-22154 Juniper Exposure of Resource to Wrong Sphere vulnerability in Juniper Junos

In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device (SD) control state machine of Juniper Networks Junos OS allows an attacker who is able to make physical changes to the cabling of the device to cause a denial of service (DoS).

4.6
2022-01-18 CVE-2021-34401 Nvidia Unspecified vulnerability in Nvidia Shield Experience

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVGPU_IOCTL_CHANNEL_SET_ERROR_NOTIFIER, where improper access control may lead to code execution, compromised integrity, or denial of service.

4.6
2022-01-18 CVE-2021-34402 Nvidia Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia Shield Experience

NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service, Information disclosure, loss of Integrity, or possible escalation of privileges.

4.6
2022-01-18 CVE-2021-34403 Nvidia Use After Free vulnerability in Nvidia Shield Experience

NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, which allows any user with a local account to exploit a use-after-free condition, leading to code privilege escalation, loss of confidentiality and integrity, or denial of service.

4.6
2022-01-18 CVE-2021-34404 Nvidia Unspecified vulnerability in Nvidia Shield Experience

Android images for T210 provided by NVIDIA contain a vulnerability in BROM, where failure to limit access to AHB-DMA when BROM fails may allow an unprivileged attacker with physical access to cause denial of service or impact integrity and confidentiality beyond the security scope of BROM.

4.6
2022-01-18 CVE-2020-14110 MI Incorrect Authorization vulnerability in MI Ax3600 Firmware 1.0.50

AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background.

4.6
2022-01-18 CVE-2022-0263 Pimcore Unrestricted Upload of File with Dangerous Type vulnerability in Pimcore

Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7.

4.6
2022-01-23 CVE-2021-45380 Appcms Cross-site Scripting vulnerability in Appcms 2.0.101

AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_head.php

4.3
2022-01-22 CVE-2022-23808 Phpmyadmin Cross-site Scripting vulnerability in PHPmyadmin 5.1.0/5.1.1

An issue was discovered in phpMyAdmin 5.1 before 5.1.2.

4.3
2022-01-21 CVE-2021-46234 Gpac NULL Pointer Dereference vulnerability in Gpac 1.1.0

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c.

4.3
2022-01-21 CVE-2021-46236 Gpac NULL Pointer Dereference vulnerability in Gpac 1.1.0

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c.

4.3
2022-01-21 CVE-2021-46237 Gpac NULL Pointer Dereference vulnerability in Gpac 1.1.0

An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c.

4.3
2022-01-21 CVE-2021-46238 Gpac Out-of-bounds Write vulnerability in Gpac 1.1.0

GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c.

4.3
2022-01-21 CVE-2021-46239 Gpac Use After Free vulnerability in Gpac 1.1.0

The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils/alloc.c.

4.3
2022-01-21 CVE-2021-46240 Gpac NULL Pointer Dereference vulnerability in Gpac 1.1.0

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c.

4.3
2022-01-21 CVE-2021-46243 Hdfgroup NULL Pointer Dereference vulnerability in Hdfgroup Hdf5 1.13.11

An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c.

4.3
2022-01-21 CVE-2021-46244 Hdfgroup Divide By Zero vulnerability in Hdfgroup Hdf5 1.13.11

A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c.

4.3
2022-01-21 CVE-2021-46311 Gpac NULL Pointer Dereference vulnerability in Gpac 1.1.0

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c.

4.3
2022-01-21 CVE-2021-46313 Gpac Unspecified vulnerability in Gpac 1.1.0

The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms ().

4.3
2022-01-21 CVE-2021-33848 Fresenius Kabi Cross-site Scripting vulnerability in Fresenius-Kabi products

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is vulnerable to reflected cross-site scripting attacks.

4.3
2022-01-21 CVE-2022-23127 Iconics
Mitsubishielectric
Cross-site Scripting vulnerability in multiple products

Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the acquired authentication information, by injecting a malicious script in the URL of a monitoring screen delivered from the MC Works64 server or MobileHMI server to an application for mobile devices and leading a legitimate user to access this URL.

4.3
2022-01-21 CVE-2022-23130 Iconics
Mitsubishielectric
Out-of-bounds Read vulnerability in multiple products

Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64.

4.3
2022-01-21 CVE-2020-19860 Nlnetlabs Out-of-bounds Read vulnerability in Nlnetlabs Ldns 1.7.1

When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability.

4.3
2022-01-21 CVE-2022-0319 VIM
Debian
Out-of-bounds Read vulnerability in multiple products

Out-of-bounds Read in vim/vim prior to 8.2.

4.3
2022-01-21 CVE-2022-0326 Mruby NULL Pointer Dereference vulnerability in Mruby

NULL Pointer Dereference in Homebrew mruby prior to 3.2.

4.3
2022-01-21 CVE-2022-22891 Jerryscript Unspecified vulnerability in Jerryscript 3.0.0

Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via ecma_ref_object_inline in /jerry-core/ecma/base/ecma-gc.c.

4.3
2022-01-21 CVE-2022-22892 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_is_value_object (value)' failed at jerry-core/ecma/base/ecma-helpers-value.c in Jerryscripts 3.0.0.

4.3
2022-01-20 CVE-2021-46322 Duktape Project Improper Resource Shutdown or Release vulnerability in Duktape Project Duktape 2.99.99

Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.

4.3
2022-01-20 CVE-2021-46323 Espruino Unspecified vulnerability in Espruino 2.11.251

Espruino 2v11.251 was discovered to contain a SEGV vulnerability via src/jsinteractive.c in jsiGetDeviceFromClass.

4.3
2022-01-20 CVE-2021-46327 Moddable Unspecified vulnerability in Moddable SDK 11.5.0

Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsArray.c in fx_Array_prototype_sort.

4.3
2022-01-20 CVE-2021-46329 Moddable Unspecified vulnerability in Moddable SDK 11.5.0

Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via the component _fini.

4.3
2022-01-20 CVE-2021-46330 Moddable Unspecified vulnerability in Moddable SDK 11.5.0

Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsDataView.c in fx_ArrayBuffer_prototype_concat.

4.3
2022-01-20 CVE-2021-46331 Moddable Unspecified vulnerability in Moddable SDK 11.5.0

Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsProxy.c in fxProxyGetPrototype.

4.3
2022-01-20 CVE-2021-46333 Moddable Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Moddable SDK 11.5.0

Moddable SDK v11.5.0 was discovered to contain an invalid memory access vulnerability via the component __asan_memmove.

4.3
2022-01-20 CVE-2021-46335 Moddable NULL Pointer Dereference vulnerability in Moddable SDK 11.5.0

Moddable SDK v11.5.0 was discovered to contain a NULL pointer dereference in the component fx_Function_prototype_hasInstance.

4.3
2022-01-20 CVE-2021-46336 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

There is an Assertion 'opts & PARSER_CLASS_LITERAL_CTOR_PRESENT' failed at /parser/js/js-parser-expr.c(parser_parse_class_body) in JerryScript 3.0.0.

4.3
2022-01-20 CVE-2021-46337 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

There is an Assertion 'page_p != NULL' failed at /parser/js/js-parser-mem.c(parser_list_get) in JerryScript 3.0.0.

4.3
2022-01-20 CVE-2021-46339 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_size)' failed at /base/ecma-helpers-string.c(ecma_new_ecma_string_from_utf8) in JerryScript 3.0.0.

4.3
2022-01-20 CVE-2021-46340 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

There is an Assertion 'context_p->stack_top_uint8 == SCAN_STACK_TRY_STATEMENT || context_p->stack_top_uint8 == SCAN_STACK_CATCH_STATEMENT' failed at /parser/js/js-scanner.c(scanner_scan_statement_end) in JerryScript 3.0.0.

4.3
2022-01-20 CVE-2021-46342 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

There is an Assertion 'ecma_is_lexical_environment (obj_p) || !ecma_op_object_is_fast_array (obj_p)' failed at /jerry-core/ecma/base/ecma-helpers.c in JerryScript 3.0.0.

4.3
2022-01-20 CVE-2021-46343 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

There is an Assertion 'context_p->token.type == LEXER_LITERAL' failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0.

4.3
2022-01-20 CVE-2021-46344 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

There is an Assertion 'flags & PARSER_PATTERN_HAS_REST_ELEMENT' failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0.

4.3
2022-01-20 CVE-2021-46345 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

There is an Assertion 'cesu8_cursor_p == cesu8_end_p' failed at /jerry-core/lit/lit-strings.c in JerryScript 3.0.0.

4.3
2022-01-20 CVE-2021-46346 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustment (date_value)' failed at /jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c(ecma_builtin_date_prototype_dispatch_set):421 in JerryScript 3.0.0.

4.3
2022-01-20 CVE-2021-46347 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0.

4.3
2022-01-20 CVE-2021-46348 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' failed at /jerry-core/ecma/base/ecma-literal-storage.c in JerryScript 3.0.0.

4.3
2022-01-20 CVE-2021-46349 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECMA_OBJECT_TYPE_PROXY' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0.

4.3
2022-01-20 CVE-2021-46350 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

There is an Assertion 'ecma_is_value_object (value)' failed at jerryscript/jerry-core/ecma/base/ecma-helpers-value.c in JerryScript 3.0.0.

4.3
2022-01-20 CVE-2021-46351 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustment (date_value)' failed at /jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c(ecma_builtin_date_prototype_dispatch_set):421 in JerryScript 3.0.0.

4.3
2022-01-20 CVE-2021-29785 IBM Unspecified vulnerability in IBM Soar

IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

4.3
2022-01-20 CVE-2022-23119 Trendmicro Path Traversal vulnerability in Trendmicro Deep Security Agent 10.0/11.0

A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system.

4.3
2022-01-20 CVE-2021-44829 AFI Solutions Cross-site Scripting vulnerability in Afi-Solutions Webacms 2.1.0

Cross Site Scripting (XSS) vulnerability exists in index.html in AFI WebACMS through 2.1.0 via the the ID parameter.

4.3
2022-01-20 CVE-2022-0219 Jadx Project XXE vulnerability in Jadx Project Jadx

Improper Restriction of XML External Entity Reference in GitHub repository skylot/jadx prior to 1.3.2.

4.3
2022-01-20 CVE-2022-22820 Linecorp Resource Exhaustion vulnerability in Linecorp Line

Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for message recipient by sending specially crafted gif image in LINE for Windows before 7.4.

4.3
2022-01-20 CVE-2021-46028 Mblog Project Cross-Site Request Forgery (CSRF) vulnerability in Mblog Project Mblog

In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management.

4.3
2022-01-19 CVE-2021-46027 Mysiteforme Project Cross-Site Request Forgery (CSRF) vulnerability in Mysiteforme Project Mysiteforme

mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management.

4.3
2022-01-19 CVE-2021-4143 Bigbluebutton Cross-site Scripting vulnerability in Bigbluebutton

Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton prior to 2.4.0.

4.3
2022-01-19 CVE-2021-26247 Cacti Cross-site Scripting vulnerability in Cacti 0.8.7G

As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.

4.3
2022-01-19 CVE-2021-44777 Email Tracker Project Cross-Site Request Forgery (CSRF) vulnerability in Email Tracker Project Email Tracker

Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions <= 5.2.6).

4.3
2022-01-19 CVE-2022-21244 Oracle Unspecified vulnerability in Oracle Primavera Portfolio Management

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access).

4.3
2022-01-19 CVE-2022-21248 Oracle
Netapp
Debian
Fedoraproject
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization).
4.3
2022-01-19 CVE-2022-22169 Juniper Improper Initialization vulnerability in Juniper Junos 15.1

An Improper Initialization vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker who sends specific packets in certain orders and at specific timings to force OSPFv3 to unexpectedly enter graceful-restart (GR helper mode) even though there is not any Grace-LSA received in OSPFv3 causing a Denial of Service (DoS).

4.3
2022-01-19 CVE-2022-22175 Juniper Improper Locking vulnerability in Juniper Junos

An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated networked attacker to cause a flowprocessing daemon (flowd) crash and thereby a Denial of Service (DoS).

4.3
2022-01-18 CVE-2022-21688 Onionshare Out-of-bounds Read vulnerability in Onionshare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network.

4.3
2022-01-18 CVE-2022-22691 Umbraco HTTP Request Smuggling vulnerability in Umbraco CMS

The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL.

4.3
2022-01-18 CVE-2022-23083 Broadcom Cross-site Scripting vulnerability in Broadcom products

NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine.

4.3
2022-01-18 CVE-2022-0262 Pimcore Cross-site Scripting vulnerability in Pimcore

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7.

4.3
2022-01-18 CVE-2021-44217 Ericsson Cross-site Scripting vulnerability in Ericsson Codechecker

In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.

4.3
2022-01-18 CVE-2022-0245 Livehelperchat Cross-Site Request Forgery (CSRF) vulnerability in Livehelperchat

Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0.

4.3
2022-01-17 CVE-2021-42357 Apache Cross-site Scripting vulnerability in Apache Knox

When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing.

4.3
2022-01-17 CVE-2021-33040 Futurepress Cross-site Scripting vulnerability in Futurepress Epub.Js

managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS.

4.3
2022-01-17 CVE-2021-24909 ACF Photo Gallery Field Project Cross-site Scripting vulnerability in ACF Photo Gallery Field Project ACF Photo Gallery Field

The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf_photo_gallery_metabox_edit.php file before outputing back in an attribute, leading to a Reflected Cross-Site Scripting issue

4.3
2022-01-17 CVE-2021-25024 Theeventscalendar Cross-site Scripting vulnerability in Theeventscalendar Eventcalendar

The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues

4.3
2022-01-17 CVE-2021-3853 Chaskiq Cross-site Scripting vulnerability in Chaskiq

chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3
2022-01-17 CVE-2022-0181 Expresstech Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master

Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors.

4.3
2022-01-22 CVE-2022-23807 Phpmyadmin Improper Authentication vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2.

4.0
2022-01-20 CVE-2021-45230 Apache Improper Privilege Management vulnerability in Apache Airflow

In Apache Airflow prior to 2.2.0.

4.0
2022-01-20 CVE-2022-22733 Apache Information Exposure vulnerability in Apache Shardingsphere Elasticjob-Ui 3.0.0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation.

4.0
2022-01-20 CVE-2022-0277 Microweber Improper Privilege Management vulnerability in Microweber

Improper Access Control in Packagist microweber/microweber prior to 1.2.11.

4.0
2022-01-19 CVE-2021-46203 Taogogo Path Traversal vulnerability in Taogogo Taocms 3.0.2

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.

4.0
2022-01-19 CVE-2021-44837 Deltarm Exposure of Resource to Wrong Sphere vulnerability in Deltarm Delta RM 1.2

An issue was discovered in Delta RM 1.2.

4.0
2022-01-19 CVE-2021-35686 Oracle Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Unified Metadata Manager).

4.0
2022-01-19 CVE-2022-21243 Oracle Unspecified vulnerability in Oracle Primavera Portfolio Management

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access).

4.0
2022-01-19 CVE-2022-21245 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
4.0
2022-01-19 CVE-2022-21247 Oracle Unspecified vulnerability in Oracle Database Server 12.2.0.1/19C

Vulnerability in the Core RDBMS component of Oracle Database Server.

4.0
2022-01-19 CVE-2022-21249 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).
4.0
2022-01-19 CVE-2022-21264 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2022-01-19 CVE-2022-21270 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated).
4.0
2022-01-19 CVE-2022-21279 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21280 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21284 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21285 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21286 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21287 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21288 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21289 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21290 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21297 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2022-01-19 CVE-2022-21303 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure).
4.0
2022-01-19 CVE-2022-21304 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser).
4.0
2022-01-19 CVE-2022-21307 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21308 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21309 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21310 Oracle
Netapp
Improper Privilege Management vulnerability in multiple products

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).

4.0
2022-01-19 CVE-2022-21314 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21315 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21320 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21322 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21326 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21327 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21328 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21329 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21330 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21332 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21334 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21335 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21336 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21337 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21339 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2022-01-19 CVE-2022-21342 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2022-01-19 CVE-2022-21344 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).
4.0
2022-01-19 CVE-2022-21345 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.58/8.59

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security).

4.0
2022-01-19 CVE-2022-21348 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
4.0
2022-01-19 CVE-2022-21356 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21358 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
4.0
2022-01-19 CVE-2022-21362 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).
4.0
2022-01-19 CVE-2022-21370 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2022-01-19 CVE-2022-21372 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
4.0
2022-01-19 CVE-2022-21374 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).
4.0
2022-01-19 CVE-2022-21379 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).
4.0
2022-01-19 CVE-2022-21380 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
4.0
2022-01-19 CVE-2022-21382 Oracle Unspecified vulnerability in Oracle Enterprise Session Border Controller 8.4/9.0

Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: WebUI).

4.0
2022-01-19 CVE-2022-21383 Oracle Unspecified vulnerability in Oracle Enterprise Session Border Controller 8.4/9.0

Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: Log).

4.0
2022-01-19 CVE-2022-21393 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Java VM component of Oracle Database Server.

4.0
2022-01-19 CVE-2022-22152 Juniper Protection Mechanism Failure vulnerability in Juniper Contrail Service Orchestration

A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system.

4.0
2022-01-18 CVE-2022-21692 Onionshare Improper Authentication vulnerability in Onionshare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network.

4.0
2022-01-18 CVE-2022-21691 Onionshare Missing Authentication for Critical Function vulnerability in Onionshare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network.

4.0
2022-01-18 CVE-2022-21693 Onionshare Path Traversal vulnerability in Onionshare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network.

4.0
2022-01-18 CVE-2021-44836 Deltarm Incorrect Authorization vulnerability in Deltarm Delta RM 1.2

An issue was discovered in Delta RM 1.2.

4.0
2022-01-18 CVE-2021-44839 Deltarm Weak Password Recovery Mechanism for Forgotten Password vulnerability in Deltarm Delta RM 1.2

An issue was discovered in Delta RM 1.2.

4.0
2022-01-18 CVE-2022-21696 Onionshare Improper Input Validation vulnerability in Onionshare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network.

4.0
2022-01-18 CVE-2021-44840 Deltarm Improper Privilege Management vulnerability in Deltarm Delta RM 1.2

An issue was discovered in Delta RM 1.2.

4.0
2022-01-18 CVE-2022-21683 Torchbox Information Exposure vulnerability in Torchbox Wagtail

Wagtail is a Django based content management system focused on flexibility and user experience.

4.0
2022-01-18 CVE-2021-37864 Mattermost Incorrect Authorization vulnerability in Mattermost

Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs.

4.0
2022-01-18 CVE-2021-37867 Mattermost Information Exposure vulnerability in Mattermost Boards

Mattermost Boards plugin v0.10.0 and earlier fails to protect email addresses of all users via one of the Boards APIs, which allows authenticated and unauthorized users to access this information resulting in sensitive & private information disclosure.

4.0
2022-01-18 CVE-2021-39892 Gitlab Exposure of Resource to Wrong Sphere vulnerability in Gitlab

In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.

4.0
2022-01-18 CVE-2021-39942 Gitlab Resource Exhaustion vulnerability in Gitlab

A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to potentially cause denial of service.

4.0
2022-01-18 CVE-2021-41809 M Files Server-Side Request Forgery (SSRF) vulnerability in M-Files Server

SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities.

4.0
2022-01-18 CVE-2022-0093 Gitlab Information Exposure vulnerability in Gitlab

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.

4.0
2022-01-18 CVE-2022-0124 Gitlab Improper Input Validation vulnerability in Gitlab

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.

4.0
2022-01-18 CVE-2022-0125 Gitlab Improper Privilege Management vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2.

4.0
2022-01-18 CVE-2022-0152 Gitlab Missing Authorization vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2.

4.0
2022-01-18 CVE-2021-4146 Pimcore Unspecified vulnerability in Pimcore

Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6.

4.0
2022-01-18 CVE-2021-41551 Leostream Path Traversal vulnerability in Leostream Connection Broker 9.0.40.17

Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading z ZIP file that contains a symbolic link.

4.0
2022-01-17 CVE-2021-25025 Theeventscalendar Missing Authorization vulnerability in Theeventscalendar Eventcalendar

The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events

4.0
2022-01-17 CVE-2021-25037 Aioseo SQL Injection vulnerability in Aioseo ALL in ONE SEO

The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords).

4.0

81 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-01-19 CVE-2021-23842 Bosch Use of Hard-coded Credentials vulnerability in Bosch products

Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish.

3.6
2022-01-23 CVE-2021-4103 B3Log Cross-site Scripting vulnerability in B3Log Vditor 0.2.0/1.0.0

Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.

3.5
2022-01-22 CVE-2021-4172 Showdoc Cross-site Scripting vulnerability in Showdoc

Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.

3.5
2022-01-21 CVE-2022-21708 Graphql GO Project Resource Exhaustion vulnerability in Graphql-Go Project Graphql-Go

graphql-go is a GraphQL server with a focus on ease of use.

3.5
2022-01-21 CVE-2021-33966 Spotweb Project Cross-site Scripting vulnerability in Spotweb Project Spotweb 1.4.9

Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page.

3.5
2022-01-20 CVE-2021-44091 Multi Restaurant Table Reservation System Project Cross-site Scripting vulnerability in Multi Restaurant Table Reservation System Project Multi Restaurant Table Reservation System 1.0

A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Multi Restaurant Table Reservation System 1.0 in register.php via the (1) fullname, (2) phone, and (3) address parameters.

3.5
2022-01-20 CVE-2022-0285 Pimcore Cross-site Scripting vulnerability in Pimcore

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9.

3.5
2022-01-20 CVE-2021-3866 Zulip Cross-site Scripting vulnerability in Zulip

Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.

3.5
2022-01-20 CVE-2022-0278 Microweber Cross-site Scripting vulnerability in Microweber

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

3.5
2022-01-20 CVE-2021-46026 Mysiteforme Cross-site Scripting vulnerability in Mysiteforme

mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management.

3.5
2022-01-19 CVE-2021-46025 Oneblog Project Cross-site Scripting vulnerability in Oneblog Project Oneblog

A Cross SIte Scripting (XSS) vulnerability exists in OneBlog <= 2.2.8.

3.5
2022-01-19 CVE-2021-23225 Cacti Cross-site Scripting vulnerability in Cacti 1.1.38

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.

3.5
2022-01-19 CVE-2021-3816 Cacti Cross-site Scripting vulnerability in Cacti 1.1.38

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.

3.5
2022-01-19 CVE-2022-23045 Phpipam Cross-site Scripting vulnerability in PHPipam 1.4.4

PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings.

3.5
2022-01-19 CVE-2022-0243 Orchardcore Cross-site Scripting vulnerability in Orchardcore

Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.

3.5
2022-01-19 CVE-2021-44299 Naviwebs Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.9.4

A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.

3.5
2022-01-19 CVE-2022-0274 Orchardcore Cross-site Scripting vulnerability in Orchardcore

Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.

3.5
2022-01-19 CVE-2021-46030 Javaquarkbbs Project Cross-site Scripting vulnerability in Javaquarkbbs Project Javaquarkbbs

There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuarkBBS <= v2.

3.5
2022-01-19 CVE-2022-21302 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
3.5
2022-01-18 CVE-2022-21690 Onionshare Cross-site Scripting vulnerability in Onionshare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network.

3.5
2022-01-18 CVE-2022-21673 Grafana
Fedoraproject
Information Exposure vulnerability in multiple products

Grafana is an open-source platform for monitoring and observability.

3.5
2022-01-18 CVE-2021-46005 CAR Rental Management System Project Cross-site Scripting vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0

Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview parameter.

3.5
2022-01-18 CVE-2021-29872 IBM Improper Encoding or Escaping of Output vulnerability in IBM Cloud PAK for Automation

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.

3.5
2022-01-18 CVE-2021-37865 Mattermost Resource Exhaustion vulnerability in Mattermost

Mattermost 6.2 and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.

3.5
2022-01-18 CVE-2021-39927 Gitlab Server-Side Request Forgery (SSRF) vulnerability in Gitlab

Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443

3.5
2022-01-18 CVE-2021-39946 Gitlab Cross-site Scripting vulnerability in Gitlab

Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis

3.5
2022-01-18 CVE-2021-4074 I Plugins Cross-site Scripting vulnerability in I-Plugins Whmcs Bridge

The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the cc_whmcs_bridge_url parameter found in the ~/whmcs-bridge/bridge_cp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1.

3.5
2022-01-18 CVE-2022-0210 Buffercode Cross-site Scripting vulnerability in Buffercode Random Banner

The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the ~/include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.4.

3.5
2022-01-18 CVE-2022-0232 Metagauss Cross-site Scripting vulnerability in Metagauss Leadmagic

The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loader_text parameter found in the ~/includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.2.7.

3.5
2022-01-18 CVE-2022-0233 Metagauss Cross-site Scripting vulnerability in Metagauss Profilegrid

The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pm_user_avatar and pm_cover_image parameters found in the ~/admin/class-profile-magic-admin.php file which allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts into their profile, in versions up to and including 1.2.7.

3.5
2022-01-18 CVE-2021-38695 Softvibe Cross-site Scripting vulnerability in Softvibe Saraban 1.1

SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scripting (XSS) that allows users to store scripts in certain fields (e.g.

3.5
2022-01-18 CVE-2022-0260 Pimcore Cross-site Scripting vulnerability in Pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7.

3.5
2022-01-17 CVE-2022-0256 Pimcore Cross-site Scripting vulnerability in Pimcore

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3.5
2022-01-17 CVE-2022-0257 Pimcore Cross-site Scripting vulnerability in Pimcore

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3.5
2022-01-17 CVE-2021-3862 Icecoder Cross-site Scripting vulnerability in Icecoder

icecoder is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3.5
2022-01-17 CVE-2022-0253 Livehelperchat Cross-site Scripting vulnerability in Livehelperchat

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3.5
2022-01-17 CVE-2021-25005 Seur Oficial Project Cross-site Scripting vulnerability in Seur Oficial Project Seur Oficial

The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

3.5
2022-01-17 CVE-2021-25046 Webnus Cross-site Scripting vulnerability in Webnus Modern Events Calendar Lite

The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorrectly escaped in the admin panel, leading to stored XSS.

3.5
2022-01-17 CVE-2021-25061 Wpbookingsystem Cross-site Scripting vulnerability in Wpbookingsystem WP Booking System

The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page.

3.5
2022-01-17 CVE-2021-25065 Smashballoon Cross-site Scripting vulnerability in Smashballoon Smash Balloon Social Post Feed

The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.

3.5
2022-01-17 CVE-2021-25067 Pluginops Cross-site Scripting vulnerability in Pluginops Landing Page

The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page.

3.5
2022-01-17 CVE-2021-3857 Chaskiq Cross-site Scripting vulnerability in Chaskiq

chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3.5
2022-01-17 CVE-2022-0182 Expresstech Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master

Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master.

3.5
2022-01-20 CVE-2022-21658 Rust Lang
Fedoraproject
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency.

3.3
2022-01-19 CVE-2022-21298 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Install).

3.3
2022-01-19 CVE-2022-22155 Juniper Missing Release of Resource after Effective Lifetime vulnerability in Juniper Junos

An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router.

3.3
2022-01-19 CVE-2022-22166 Juniper Improper Input Validation vulnerability in Juniper Junos 20.4/21.1

An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rdp crash and thereby a Denial of Service (DoS).

3.3
2022-01-19 CVE-2022-22172 Juniper Memory Leak vulnerability in Juniper Junos

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a memory leak.

3.3
2022-01-17 CVE-2022-0184 Kingjim Insufficiently Protected Credentials vulnerability in Kingjim products

Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode.

3.3
2022-01-19 CVE-2022-21311 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
2.9
2022-01-19 CVE-2022-21312 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
2.9
2022-01-19 CVE-2022-21313 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
2.9
2022-01-19 CVE-2022-21317 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
2.9
2022-01-19 CVE-2022-21319 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
2.9
2022-01-19 CVE-2022-21321 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
2.9
2022-01-19 CVE-2022-21323 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
2.9
2022-01-19 CVE-2022-21324 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
2.9
2022-01-19 CVE-2022-21325 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
2.9
2022-01-19 CVE-2022-21331 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
2.9
2022-01-19 CVE-2022-21333 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
2.9
2022-01-19 CVE-2022-21355 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
2.9
2022-01-19 CVE-2022-21357 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
2.9
2022-01-19 CVE-2022-22160 Juniper Unchecked Error Condition vulnerability in Juniper Junos

An Unchecked Error Condition vulnerability in the subscriber management daemon (smgd) of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to cause a crash of and thereby a Denial of Service (DoS).

2.9
2022-01-19 CVE-2022-22163 Juniper Improper Input Validation vulnerability in Juniper Junos

An Improper Input Validation vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS).

2.9
2022-01-19 CVE-2022-22176 Juniper Improper Input Validation vulnerability in Juniper Junos

An Improper Validation of Syntactic Correctness of Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker sending a malformed DHCP packet to cause a crash of jdhcpd and thereby a Denial of Service (DoS).

2.9
2022-01-19 CVE-2022-22179 Juniper Improper Input Validation vulnerability in Juniper Junos

A Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS).

2.9
2022-01-21 CVE-2021-23207 Fresenius Kabi Insufficiently Protected Credentials vulnerability in Fresenius-Kabi products

An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users.

2.1
2022-01-21 CVE-2022-23129 Iconics
Mitsubishielectric
Cleartext Storage of Sensitive Information vulnerability in multiple products

Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally.

2.1
2022-01-21 CVE-2021-4016 Rapid7 Improper Privilege Management vulnerability in Rapid7 Insight Agent

Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory.

2.1
2022-01-20 CVE-2021-32039 Mongodb Insufficiently Protected Credentials vulnerability in Mongodb

Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file.

2.1
2022-01-19 CVE-2022-21704 Log4Js Project Incorrect Default Permissions vulnerability in Log4Js Project Log4Js

log4js-node is a port of log4js to node.js.

2.1
2022-01-19 CVE-2022-21267 Oracle Unspecified vulnerability in Oracle Communications Billing and Revenue Management 12.0.0.3.0/12.0.0.4.0

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager).

2.1
2022-01-19 CVE-2022-21268 Oracle Unspecified vulnerability in Oracle Communications Billing and Revenue Management 12.0.0.3.0/12.0.0.4.0

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager).

2.1
2022-01-19 CVE-2022-21295 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2022-01-19 CVE-2022-21388 Oracle Unspecified vulnerability in Oracle Communications Pricing Design Center 12.0.0.3.0/12.0.0.4.0

Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: On Premise Install).

2.1
2022-01-19 CVE-2022-21394 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2022-01-19 CVE-2021-31821 Octopus Cleartext Storage of Sensitive Information vulnerability in Octopus Tentacle

When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext.

2.1
2022-01-17 CVE-2022-22703 Stormshield Information Exposure Through Log Files vulnerability in Stormshield Network Security 2.0.0/3.0.0

In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.

2.1
2022-01-17 CVE-2022-0131 Jmty Use of Hard-coded Credentials vulnerability in Jmty Jimoty

Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service.

2.1
2022-01-17 CVE-2022-0183 Kingjim Missing Encryption of Sensitive Data vulnerability in Kingjim Mirupass Pw10 Firmware and Mirupass Pw20 Firmware

Missing encryption of sensitive data vulnerability in 'MIRUPASS' PW10 firmware all versions and 'MIRUPASS' PW20 firmware all versions allows an attacker who can physically access the device to obtain the stored passwords.

2.1
2022-01-18 CVE-2021-41808 M Files Information Exposure Through Log Files vulnerability in M-Files Server

In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log.

1.9