Security Vulnerabilities - CVEs Published In January 2022
In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197965864References: N/A
CVSS Score
4.4
EPSS Score
0.0
Published
2022-01-14
In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200251074References: N/A
CVSS Score
7.8
EPSS Score
0.0
Published
2022-01-14
In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-201677538References: N/A
CVSS Score
7.8
EPSS Score
0.0
Published
2022-01-14
In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202003354References: N/A
CVSS Score
6.7
EPSS Score
0.0
Published
2022-01-14
In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-203250788References: N/A
CVSS Score
7.8
EPSS Score
0.0
Published
2022-01-14
Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-01-14
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible.
CVSS Score
4.3
EPSS Score
0.004
Published
2022-01-14
Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
3.3
EPSS Score
0.031
Published
2022-01-14
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.
CVSS Score
7.8
EPSS Score
0.006
Published
2022-01-14
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
CVSS Score
4.0
EPSS Score
0.0
Published
2022-01-14