Security Vulnerabilities - CVEs Published In January 2022
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution.
CVSS Score
8.8
EPSS Score
0.338
Published
2022-01-28
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-01-28
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution.
CVSS Score
9.8
EPSS Score
0.032
Published
2022-01-28
A SQL injection vulnerability exists in ZFAKA<=1.43 which an attacker can use to complete SQL injection in the foreground and add a background administrator account.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-01-28
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.
CVSS Score
6.5
EPSS Score
0.03
Published
2022-01-28
An SQL Injection vulnerabilty exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-01-28
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.
CVSS Score
9.1
EPSS Score
0.001
Published
2022-01-28
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.
CVSS Score
9.1
EPSS Score
0.001
Published
2022-01-28
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-01-28
Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-01-28