Security Vulnerabilities - CVEs Published In January 2022
Improper Access Control in Pypi calibreweb prior to 0.6.16.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2022-01-30

Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2022-01-30

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSS Score: 5.7 | EPSS Score: 0.001 | Published: 2022-01-30

Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SSO login URLs.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2022-01-30

Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enumeration. An attacker can identify valid usernames on the platform because a failed login attempt produces a different error message when the username is valid.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2022-01-30

Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2022-01-30

get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2022-01-29

save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2022-01-29

MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-01-29

MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload.
CVSS Score: 9.0 | EPSS Score: 0.012 | Published: 2022-01-29

