Security Vulnerabilities - CVEs Published In January 2022
The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is related to a non-expiring rolling code and counter resynchronization.
CVSS Score: 5.3
EPSS Score: 0.041
Published: 2022-01-06
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.
CVSS Score: 5.9
EPSS Score: 0.003
Published: 2022-01-06
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.
CVSS Score: 6.1
EPSS Score: 0.011
Published: 2022-01-06
forge is vulnerable to URL Redirection to Untrusted Site.
CVSS Score: 5.3
EPSS Score: 0.006
Published: 2022-01-06
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2022-01-06
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
CVSS Score: 8.1
EPSS Score: 0.041
Published: 2022-01-06
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2022-01-06
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2022-01-06
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoppscotch hoppscotch/hoppscotch. This issue affects hoppscotch/hoppscotch before 2.1.1.
CVSS Score: 8.0
EPSS Score: 0.004
Published: 2022-01-06
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
CVSS Score: 7.2
EPSS Score: 0.018
Published: 2022-01-06

