Security Vulnerabilities - CVEs Published In January 2022
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-01-22
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-01-22
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
CVSS Score
6.1
EPSS Score
0.669
Published
2022-01-22
wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly (WASM) actors and capability providers. In versions prior to 0.52.2 actors can bypass capability authorization. Actors are normally required to declare their capabilities for inbound invocations, but with this vulnerability actor capability claims are not verified upon receiving invocations. This compromises the security model for actors as they can receive unauthorized invocations from linked capability providers. The problem has been patched in versions `0.52.2` and greater. There is no workaround and users are advised to upgrade to an unaffected version as soon as possible.
CVSS Score
6.3
EPSS Score
0.001
Published
2022-01-21
graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could potentially compromise the ability of the server to serve data to its users. The issue has been patched in version `v1.3.0`. The only known workaround for this issue is to disable the `graphql.MaxDepth` option from your schema which is not recommended.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-01-21
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-01-21
HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-01-21
HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-01-21
HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-01-21
Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.003
Published
2022-01-21