Security Vulnerabilities - CVEs Published In January 2022
Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename.
CVSS Score: 7.8 | EPSS Score: 0.005 | Published: 2022-01-25
In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DoS) via a crafted PICT file.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2022-01-25
A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.
CVSS Score: 8.8 | EPSS Score: 0.02 | Published: 2022-01-25
Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28.
CVSS Score: 5.7 | EPSS Score: 0.003 | Published: 2022-01-25
Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2022-01-25
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection.
CVSS Score: 7.8 | EPSS Score: 0.354 | Published: 2022-01-25
Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c.
CVSS Score: 5.5 | EPSS Score: 0.002 | Published: 2022-01-25
Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2022-01-25
Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2022-01-25
Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c.
CVSS Score: 7.8 | EPSS Score: 0.003 | Published: 2022-01-25

