National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2022-0318

21 January 2022, 12:15 pm

Heap-based Buffer Overflow in Conda vim prior to 8.2.

CVE-2022-0329

21 January 2022, 11:15 am

Code Injection in Conda loguru prior to master.

CVE-2022-21933

21 January 2022, 9:15 am

ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.

CVE-2022-0326

21 January 2022, 7:15 am

NULL Pointer Dereference in Homebrew mruby prior to 3.2.

CVE-2022-23314

21 January 2022, 12:15 am

MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do.

CVE-2022-23315

21 January 2022, 12:15 am

MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do.

CVE-2022-22930

21 January 2022, 12:15 am

A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.

CVE-2022-22891

21 January 2022, 12:15 am

Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via ecma_ref_object_inline in /jerry-core/ecma/base/ecma-gc.c.

CVE-2022-22893

21 January 2022, 12:15 am

Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core/vm/vm.c.

CVE-2022-22928

21 January 2022, 12:15 am

MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code.

CVE-2022-22892

21 January 2022, 12:15 am

There is an Assertion ‘ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_is_value_object (value)’ failed at jerry-core/ecma/base/ecma-helpers-value.c in Jerryscripts 3.0.0.

CVE-2022-22895

21 January 2022, 12:15 am

Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecma/base/ecma-helpers-conversion.c.

CVE-2022-22894

21 January 2022, 12:15 am

Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/ecma/base/ecma-lcache.c.

CVE-2022-22929

21 January 2022, 12:15 am

MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.

CVE-2022-22888

20 January 2022, 11:15 pm

Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/operations/ecma-objects.c.

CVE-2022-22890

20 January 2022, 11:15 pm

There is an Assertion ‘arguments_type != SCANNER_ARGUMENTS_PRESENT && arguments_type != SCANNER_ARGUMENTS_PRESENT_NO_REG’ failed at /jerry-core/parser/js/js-scanner-util.c in Jerryscript 3.0.0.

CVE-2021-46351

20 January 2022, 10:15 pm

There is an Assertion ‘local_tza == ecma_date_local_time_zone_adjustment (date_value)’ failed at /jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c(ecma_builtin_date_prototype_dispatch_set):421 in JerryScript 3.0.0.

CVE-2021-46347

20 January 2022, 10:15 pm

There is an Assertion ‘ecma_object_check_class_name_is_object (obj_p)’ failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0.

CVE-2021-46349

20 January 2022, 10:15 pm

There is an Assertion ‘type == ECMA_OBJECT_TYPE_GENERAL || type == ECMA_OBJECT_TYPE_PROXY’ failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0.

CVE-2021-46350

20 January 2022, 10:15 pm

There is an Assertion ‘ecma_is_value_object (value)’ failed at jerryscript/jerry-core/ecma/base/ecma-helpers-value.c in JerryScript 3.0.0.

CVE-2021-46348

20 January 2022, 10:15 pm

There is an Assertion ‘ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)’ failed at /jerry-core/ecma/base/ecma-literal-storage.c in JerryScript 3.0.0.

CVE-2021-46346

20 January 2022, 10:15 pm

There is an Assertion ‘local_tza == ecma_date_local_time_zone_adjustment (date_value)’ failed at /jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c(ecma_builtin_date_prototype_dispatch_set):421 in JerryScript 3.0.0.

CVE-2021-46325

20 January 2022, 10:15 pm

Espruino 2v10.246 was discovered to contain a stack buffer overflow via src/jsutils.c in vcbprintf.

CVE-2021-46333

20 January 2022, 10:15 pm

Moddable SDK v11.5.0 was discovered to contain an invalid memory access vulnerability via the component __asan_memmove.

CVE-2021-46327

20 January 2022, 10:15 pm

Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsArray.c in fx_Array_prototype_sort.

CVE-2021-46326

20 January 2022, 10:15 pm

Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via the component __asan_memcpy.

CVE-2021-46323

20 January 2022, 10:15 pm

Espruino 2v11.251 was discovered to contain a SEGV vulnerability via src/jsinteractive.c in jsiGetDeviceFromClass.

CVE-2021-46331

20 January 2022, 10:15 pm

Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsProxy.c in fxProxyGetPrototype.

CVE-2021-46330

20 January 2022, 10:15 pm

Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsDataView.c in fx_ArrayBuffer_prototype_concat.

CVE-2021-46324

20 January 2022, 10:15 pm

Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString.

CVE-2021-46328

20 January 2022, 10:15 pm

Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via the component __libc_start_main.

CVE-2021-46332

20 January 2022, 10:15 pm

Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via xs/sources/xsDataView.c in fxUint8Getter.

CVE-2021-46335

20 January 2022, 10:15 pm

Moddable SDK v11.5.0 was discovered to contain a NULL pointer dereference in the component fx_Function_prototype_hasInstance.

CVE-2021-46329

20 January 2022, 10:15 pm

Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via the component _fini.

CVE-2021-46337

20 January 2022, 10:15 pm

There is an Assertion ‘page_p != NULL’ failed at /parser/js/js-parser-mem.c(parser_list_get) in JerryScript 3.0.0.

CVE-2021-46336

20 January 2022, 10:15 pm

There is an Assertion ‘opts & PARSER_CLASS_LITERAL_CTOR_PRESENT’ failed at /parser/js/js-parser-expr.c(parser_parse_class_body) in JerryScript 3.0.0.

CVE-2021-46339

20 January 2022, 10:15 pm

There is an Assertion ‘lit_is_valid_cesu8_string (string_p, string_size)’ failed at /base/ecma-helpers-string.c(ecma_new_ecma_string_from_utf8) in JerryScript 3.0.0.

CVE-2021-46338

20 January 2022, 10:15 pm

There is an Assertion ‘ecma_is_lexical_environment (object_p)’ failed at /base/ecma-helpers.c(ecma_get_lex_env_type) in JerryScript 3.0.0.

CVE-2021-46340

20 January 2022, 10:15 pm

There is an Assertion ‘context_p->stack_top_uint8 == SCAN_STACK_TRY_STATEMENT || context_p->stack_top_uint8 == SCAN_STACK_CATCH_STATEMENT’ failed at /parser/js/js-scanner.c(scanner_scan_statement_end) in JerryScript 3.0.0.

CVE-2021-46334

20 January 2022, 10:15 pm

Moddable SDK v11.5.0 was discovered to contain a stack buffer overflow via the component __interceptor_strcat.

CVE-2021-46342

20 January 2022, 10:15 pm

There is an Assertion ‘ecma_is_lexical_environment (obj_p) || !ecma_op_object_is_fast_array (obj_p)’ failed at /jerry-core/ecma/base/ecma-helpers.c in JerryScript 3.0.0.

CVE-2021-46343

20 January 2022, 10:15 pm

There is an Assertion ‘context_p->token.type == LEXER_LITERAL’ failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0.

CVE-2021-46344

20 January 2022, 10:15 pm

There is an Assertion ‘flags & PARSER_PATTERN_HAS_REST_ELEMENT’ failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0.

CVE-2021-46345

20 January 2022, 10:15 pm

There is an Assertion ‘cesu8_cursor_p == cesu8_end_p’ failed at /jerry-core/lit/lit-strings.c in JerryScript 3.0.0.

CVE-2020-23315

20 January 2022, 10:15 pm

There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta.

CVE-2021-46322

20 January 2022, 10:15 pm

Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.

CVE-2021-29785

20 January 2022, 8:15 pm

IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 203169.

CVE-2021-46061

20 January 2022, 8:15 pm

An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app.

CVE-2022-23119

20 January 2022, 7:15 pm

A directory traversal vulnerability in Trend Micro Deep Security and Cloud One – Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability.

CVE-2021-44092

20 January 2022, 7:15 pm

An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username parameter in the administer login form.