Security Vulnerabilities - CVEs Published In January 2022
Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, the API key for the external service may be obtained by analyzing data in the app.
CVSS Score
3.3
EPSS Score
0.0
Published
2022-01-17
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-01-17
Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.007
Published
2022-01-17
Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via a website that uses Quiz And Survey Master.
CVSS Score
5.4
EPSS Score
0.005
Published
2022-01-17
Missing encryption of sensitive data vulnerability in 'MIRUPASS' PW10 firmware all versions and 'MIRUPASS' PW20 firmware all versions allows an attacker who can physically access the device to obtain the stored passwords.
CVSS Score
4.6
EPSS Score
0.0
Published
2022-01-17
Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-01-17
calibre-web is vulnerable to Business Logic Errors
CVSS Score
7.7
EPSS Score
0.004
Published
2022-01-17
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CVSS Score
4.7
EPSS Score
0.001
Published
2022-01-17
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-01-17
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-01-17

