Security Vulnerabilities - CVEs Published In January 2022
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
7.3
EPSS Score
0.003
Published
2022-01-16
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
CVSS Score
8.8
EPSS Score
0.005
Published
2022-01-16
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score
4.5
EPSS Score
0.002
Published
2022-01-16
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.
CVSS Score
7.8
EPSS Score
0.021
Published
2022-01-15
The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-01-15
The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings.
CVSS Score
7.2
EPSS Score
0.029
Published
2022-01-15
Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-01-15
Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-01-15
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2).
CVSS Score
7.5
EPSS Score
0.004
Published
2022-01-15
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2).
CVSS Score
7.5
EPSS Score
0.004
Published
2022-01-15