Uncategorized CVEs — 2022 (Page 25/27)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2022-01-19

Low

CVE-2022-21313

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerab…

CVSS: 2.9CWE: N/A

Low

CVE-2022-21312

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and…

CVSS: 2.9CWE: N/A

Low

CVE-2022-21311

CVSS: 2.9CWE: N/A

Medium

CVE-2022-21309

CVSS: 6.3CWE: N/A

Medium

CVE-2022-21308

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high pri…

CVSS: 6.3CWE: N/A

Medium

CVE-2022-21307

CVSS: 6.3CWE: N/A

Critical

CVE-2022-21306

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily e…

CVSS: 9.8CWE: N/A

Medium

CVE-2022-21305

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13,…

CVSS: 5.3CWE: N/A

Medium

CVE-2022-21304

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability…

CVSS: 4.9CWE: N/A

Medium

CVE-2022-21303

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vul…

CVSS: 4.9CWE: N/A

Medium

CVE-2022-21302

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged atta…

CVSS: 5.3CWE: N/A

Medium

CVE-2022-21301

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged…

CVSS: 5.5CWE: N/A

High

CVE-2022-21300

Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack product of Oracle PeopleSoft (component: Snapshot Integration). Supported versions that are affected are 9.0 and 9.2. Easily exploita…

CVSS: 7.5CWE: N/A

Medium

CVE-2022-21299

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.…

CVSS: 5.3CWE: N/A

Low

CVE-2022-21298

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Install). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with…

CVSS: 3.9CWE: N/A

Medium

CVE-2022-21297

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9CWE: N/A

Medium

CVE-2022-21296

CVSS: 5.3CWE: N/A

Low

CVE-2022-21295

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.32. Easily exploitable vulnerability allows low pr…

CVSS: 3.8CWE: N/A

Medium

CVE-2022-21294

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13…

CVSS: 5.3CWE: N/A

Medium

CVE-2022-21293

CVSS: 5.3CWE: N/A

High

CVE-2022-21292

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerabil…

CVSS: 7.5CWE: N/A

Medium

CVE-2022-21291

CVSS: 5.3CWE: N/A

Medium

CVE-2022-21290

CVSS: 6.3CWE: N/A

Medium

CVE-2022-21289

CVSS: 6.3CWE: N/A

Medium

CVE-2022-21288

CVSS: 6.3CWE: N/A

Medium

CVE-2022-21287

CVSS: 6.3CWE: N/A

Medium

CVE-2022-21286

CVSS: 6.3CWE: N/A

Medium

CVE-2022-21285

CVSS: 6.3CWE: N/A

Medium

CVE-2022-21284

CVSS: 6.3CWE: N/A

Medium

CVE-2022-21283

CVSS: 5.3CWE: N/A

Medium

CVE-2022-21282

CVSS: 5.3CWE: N/A

Medium

CVE-2022-21281

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1…

CVSS: 4.8CWE: N/A

Medium

CVE-2022-21280

CVSS: 6.3CWE: N/A

Medium

CVE-2022-21279

CVSS: 6.3CWE: N/A

High

CVE-2022-21278

CVSS: 7.1CWE: N/A

Medium

CVE-2022-21277

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle…

CVSS: 5.3CWE: N/A

Critical

CVE-2022-21276

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.…

CVSS: 9.9CWE: N/A

Critical

CVE-2022-21275

CVSS: 10.0CWE: N/A

High

CVE-2022-21274

Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Intelligence, RFx Creation). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerabil…

CVSS: 8.1CWE: N/A

High

CVE-2022-21273

Vulnerability in the Oracle Project Costing product of Oracle E-Business Suite (component: Expenses, Currency Override). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vu…

CVSS: 8.1CWE: N/A

Medium

CVE-2022-21272

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability…

CVSS: 6.1CWE: N/A

Medium

CVE-2022-21271

CVSS: 5.3CWE: N/A

Medium

CVE-2022-21270

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerabil…

CVSS: 4.9CWE: N/A

Medium

CVE-2022-21269

CVSS: 6.1CWE: N/A

Low

CVE-2022-21268

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.…

CVSS: 3.3CWE: N/A

Low

CVE-2022-21267

CVSS: 3.3CWE: N/A

High

CVE-2022-21266

CVSS: 7.5CWE: N/A

Low

CVE-2022-21265

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 3.8CWE: N/A

Medium

CVE-2022-21264

CVSS: 4.9CWE: N/A

Medium

CVE-2022-21263

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Fault Management Architecture). The supported version that is affected is 11. Easily exploitable vulnerability allows low pri…

CVSS: 4.8CWE: N/A

Medium

CVE-2022-21262

CVSS: 6.1CWE: N/A

Medium

CVE-2022-21261

CVSS: 6.1CWE: N/A

Medium

CVE-2022-21260

CVSS: 6.1CWE: N/A

Medium

CVE-2022-21259

CVSS: 6.1CWE: N/A

Medium

CVE-2022-21258

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows una…

CVSS: 6.1CWE: N/A

Medium

CVE-2022-21257

CVSS: 6.1CWE: N/A

Medium

CVE-2022-21256

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability al…

CVSS: 4.9CWE: N/A

High

CVE-2022-21255

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: UI Servlet). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows l…

CVSS: 8.1CWE: N/A

Medium

CVE-2022-21254

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low priv…

CVSS: 5.3CWE: N/A

Medium

CVE-2022-21253

CVSS: 4.9CWE: N/A

Medium

CVE-2022-21252

CVSS: 6.5CWE: N/A

High

CVE-2022-21251

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Instance Main). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability all…

CVSS: 7.5CWE: N/A

High

CVE-2022-21250

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability all…

CVSS: 8.1CWE: N/A

Low

CVE-2022-21249

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged…

CVSS: 2.7CWE: N/A

Low

CVE-2022-21248

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.…

CVSS: 3.7CWE: N/A

Low

CVE-2022-21247

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having…

CVSS: 2.7CWE: N/A

Medium

CVE-2022-21246

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easi…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-21245

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable…

CVSS: 4.3CWE: N/A

Medium

CVE-2022-21244

CVSS: 4.3CWE: N/A

Medium

CVE-2022-21243

CVSS: 4.3CWE: N/A

Medium

CVE-2022-21242

CVSS: 5.4CWE: N/A

Medium

CVE-2021-35687

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Unified Metadata Manager). Supported versions that…

CVSS: 5.3CWE: N/A

Medium

CVE-2021-35686

CVSS: 4.3CWE: N/A

Critical

CVE-2021-35683

Vulnerability in the Oracle Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported version that is affected is Prior to 11.1.2.4.047. Easily exploitable vul…

CVSS: 9.9CWE: N/A

High

CVE-2022-23435

decoding.c in android-gif-drawable before 1.2.24 does not limit the maximum length of a comment, leading to denial of service.

CVSS: 7.5CWE: N/A

High

CVE-2022-22159

A vulnerability in the NETISR network queue functionality of Juniper Networks Junos OS kernel allows an attacker to cause a Denial of Service (DoS) by sending crafted genuine packets to a device. Dur…

CVSS: 7.5CWE: N/A

2022-01-18

Medium

CVE-2021-44838

An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax-details endpoint, with a POST request indicating the risk to access with the id parameter, it is possible for users to access ri…

CVSS: 4.3CWE: N/A

High

CVE-2021-34404

Android images for T210 provided by NVIDIA contain a vulnerability in BROM, where failure to limit access to AHB-DMA when BROM fails may allow an unprivileged attacker with physical access to cause d…

CVSS: 7.1CWE: N/A

Medium

CVE-2022-0172

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allow…

CVSS: 5.3CWE: N/A

Medium

CVE-2022-0151

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitL…

CVSS: 6.5CWE: N/A

Low

CVE-2022-0093

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access sensitive inf…

CVSS: 3.5CWE: N/A

Medium

CVE-2021-39892

In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.

CVSS: 4.3CWE: N/A

High

CVE-2021-29632

In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, certain conditions involving use of the highlight buffer while tex…

CVSS: 7.5CWE: N/A

Critical

CVE-2021-29215

A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: map…

CVSS: 9.8CWE: N/A

Medium

CVE-2021-4146

Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6.

CVSS: 4.3CWE: CWE-840

High

CVE-2021-38696

SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerability, that allows attackers to access signature files on the application without any authentication.

CVSS: 7.5CWE: N/A

Critical

CVE-2021-22566

An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable pages being mapped as executable from an unprivileged context. This can be leveraged by an attacker to b…

CVSS: 9.8CWE: CWE-275

Critical

CVE-2021-44757

Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP arc…

CVSS: 9.1CWE: N/A

2022-01-17

Critical

CVE-2021-4171

calibre-web is vulnerable to Business Logic Errors

CVSS: 9.8CWE: CWE-840

2022-01-14

High

CVE-2022-22531

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to…

CVSS: 8.1CWE: N/A

High

CVE-2022-22530

CVSS: 8.1CWE: N/A

High

CVE-2022-0130

Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances.…

CVSS: 8.1CWE: N/A

Medium

CVE-2021-42067

In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashbo…

CVSS: 4.3CWE: N/A

High

CVE-2021-39684

In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code. This could lead to local escalation of privilege with no additional…

CVSS: 7.8CWE: N/A

High

CVE-2021-39678

In <TBD> of <TBD>, there is a possible bypass of Factory Reset Protection due to <TBD>. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti…

CVSS: 7.8CWE: N/A

High

CVE-2021-39625

In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local…

CVSS: 7.3CWE: N/A

High

CVE-2021-39618

In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of…

CVSS: 7.8CWE: N/A

High

CVE-2021-20612

Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.14 and prior, FX3U-ENET-L Firmware version 1.14 and prior and FX3U-ENET-P502 Firmware version…

CVSS: 7.5CWE: N/A

Critical

CVE-2021-1049

Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ID: A-204256722

CVSS: 9.8CWE: N/A

High

CVE-2021-0959

In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. Us…

CVSS: 7.8CWE: N/A

Medium

CVE-2021-45763

GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed(). This vulnerability can lead to a Denial of Service (DoS).

CVSS: 5.5CWE: N/A

High

CVE-2021-46255

eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename.

CVSS: 8.1CWE: N/A

2022-01-13

High

CVE-2022-22988

File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through…

CVSS: 7.7CWE: CWE-275

Critical

CVE-2021-45807

jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall.

CVSS: 9.8CWE: N/A

Medium

CVE-2021-40567

Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service.

CVSS: 5.5CWE: N/A

Medium

CVE-2021-39056

The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID:…

CVSS: 6.5CWE: N/A

2022-01-12

Medium

CVE-2021-35500

The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace co…

CVSS: 6.3CWE: N/A

High

CVE-2021-44652

Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.

CVSS: 7.8CWE: N/A

High

CVE-2021-44650

Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.

CVSS: 7.2CWE: N/A

2022-01-11

Critical

CVE-2022-21969

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0CWE: N/A

Medium