Security Vulnerabilities - CVEs Published In January 2022
CVE-2022-23134
Known exploited
After the initial setup process, some steps of the setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
CVSS Score
3.7
EPSS Score
0.926
Published
2022-01-13
Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key (held by the Crypto service) based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner.
CVSS Score
5.9
EPSS Score
0.003
Published
2022-01-13
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the value entered into the template. If the template is used to render user-generated content, this vulnerability may escalate to a persistent XSS vulnerability.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-01-13
This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server.
CVSS Score
6.5
EPSS Score
0.008
Published
2022-01-13
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.
CVSS Score
8.8
EPSS Score
0.008
Published
2022-01-13
Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CVSS Score
9.3
EPSS Score
0.0
Published
2022-01-13
Possible assertion due to improper validation of symbols configured for PDCCH monitoring in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CVSS Score
7.5
EPSS Score
0.003
Published
2022-01-13
Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when processing the SRS configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
CVSS Score
7.5
EPSS Score
0.003
Published
2022-01-13
Possible denial of service due to out of memory while processing RRC and NAS OTA message in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile
CVSS Score
7.5
EPSS Score
0.003
Published
2022-01-13
Possible denial of service due to improper validation of DNS response when DNS client requests with PTR, NAPTR or SRV query type in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT
CVSS Score
7.5
EPSS Score
0.003
Published
2022-01-13

