Security Vulnerabilities - CVEs Published In January 2022
The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-162951906
CVSS Score
5.3
EPSS Score
0.001
Published
2022-01-14
Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ID: A-204256722
CVSS Score
9.8
EPSS Score
0.003
Published
2022-01-14
Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.14 and prior, FX3U-ENET-L Firmware version 1.14 and prior and FX3U-ENET-P502 Firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product or other unspecified effects by sending specially crafted packets to an unnecessary opening of TCP port. Control by MELSEC-F series PLC is not affected by this vulnerability, but system reset is required for recovery.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-01-14
Improper initialization vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.16 and prior, FX3U-ENET-L Firmware version 1.16 and prior and FX3U-ENET-P502 Firmware version 1.16 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product by sending specially crafted packets. Control by MELSEC-F series PLC is not affected by this vulnerability, but system reset is required for recovery.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-01-14
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.
CVSS Score
7.8
EPSS Score
0.006
Published
2022-01-14
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_sg_vrml_mf_reset(). This vulnerability allows attackers to cause a Denial of Service (DoS).
CVSS Score
5.5
EPSS Score
0.001
Published
2022-01-14
GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed(). This vulnerability can lead to a Denial of Service (DoS).
CVSS Score
5.5
EPSS Score
0.001
Published
2022-01-14
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score
4.3
EPSS Score
0.001
Published
2022-01-14
ROPium v3.1 was discovered to contain an invalid memory address dereference via the find() function.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-01-14
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
CVSS Score
9.8
EPSS Score
0.361
Published
2022-01-14