CVE List - 2022 / February
Showing 1 - 100 of 1942 CVEs for February 2022 (Page 1 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-24196 | 2022-02-01 | iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2022-24197 | 2022-02-01 | iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. |
| CVE-2022-24198 | 2022-02-01 | iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor... |
| CVE-2022-0417 | 2022-02-01 | Heap-based Buffer Overflow in vim/vim |
| CVE-2021-46669 | 2022-02-01 | MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. |
| CVE-2021-46668 | 2022-02-01 | MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. |
| CVE-2021-46667 | 2022-02-01 | MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. |
| CVE-2021-46666 | 2022-02-01 | MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. |
| CVE-2021-46665 | 2022-02-01 | MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. |
| CVE-2021-46664 | 2022-02-01 | MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. |
| CVE-2021-46663 | 2022-02-01 | MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. |
| CVE-2021-46662 | 2022-02-01 | MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. |
| CVE-2021-46661 | 2022-02-01 | MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). |
| CVE-2022-23774 | 2022-02-01 | Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files. |
| CVE-2020-8562 | 2022-02-01 | Bypass of Kubernetes API Server proxy TOCTOU |
| CVE-2022-0419 | 2022-02-01 | NULL Pointer Dereference in radareorg/radare2 |
| CVE-2022-23603 | 2022-02-01 | Code injection in iTunesRPC-Remastered |
| CVE-2022-23602 | 2022-02-01 | Nim's rst parser sandboxed mode allows include which can embed any local file |
| CVE-2022-23607 | 2022-02-01 | Unsafe handling of user-specified cookies in treq |
| CVE-2021-41040 | 2022-02-01 | In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data. |
| CVE-2022-23597 | 2022-02-01 | Remote program execution with user interaction |
| CVE-2022-23596 | 2022-02-01 | Infinite loop in junrar |
| CVE-2022-21687 | 2022-02-01 | Command injection in gh-ost |
| CVE-2021-43859 | 2022-02-01 | Denial of Service by injecting highly recursive collections or maps in XStream |
| CVE-2021-43848 | 2022-02-01 | Unititialized memory access in h2o |
| CVE-2022-23601 | 2022-02-01 | CSRF token missing in Symfony |
| CVE-2021-24648 | 2022-02-01 | Registration Magic < 5.0.1.9 - Reflected Cross-Site Scripting |
| CVE-2021-24686 | 2022-02-01 | SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24707 | 2022-02-01 | Learning Courses < 5.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24761 | 2022-02-01 | Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF |
| CVE-2021-24762 | 2022-02-01 | Perfect Survey < 1.5.2 - Unauthenticated SQL Injection |
| CVE-2021-24763 | 2022-02-01 | Perfect Survey < 1.5.2 - Unauthorised AJAX Call to Stored XSS / Survey Settings Update |
| CVE-2021-24764 | 2022-02-01 | Perfect Survey < 1.5.2 - Reflected Cross-Site Scripting |
| CVE-2021-24765 | 2022-02-01 | Perfect Survey < 1.5.2 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2021-24775 | 2022-02-01 | Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure |
| CVE-2021-24814 | 2022-02-01 | WordPress GDPR & CCPA < 1.9.26 - Authenticated Reflected Cross-Site Scripting |
| CVE-2021-24868 | 2022-02-01 | Document Embedder < 1.7.9 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure |
| CVE-2021-24900 | 2022-02-01 | Ninja Tables < 4.1.8 - Admin+ Stored Cross-Site Cross-Site Scripting |
| CVE-2021-24919 | 2022-02-01 | Wicked Folders < 2.18.10 - Subscriber+ SQL Injection |
| CVE-2021-24926 | 2022-02-01 | Domain Check < 1.0.17 - Reflected Cross-Site Scripting |
| CVE-2021-24934 | 2022-02-01 | Visual CSS Style Editor < 7.5.4 - Reflected Cross-Site Scripting |
| CVE-2021-24937 | 2022-02-01 | Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting |
| CVE-2021-24944 | 2022-02-01 | Custom Dashboard & Login Page < 7.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24975 | 2022-02-01 | NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS |
| CVE-2021-24983 | 2022-02-01 | Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting via AJAX Action |
| CVE-2021-25063 | 2022-02-01 | Contact Form 7 Skins < 2.5.1 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-25072 | 2022-02-01 | NextScripts: Social Networks Auto-Poster < 4.3.25 - Arbitrary Post Deletion via CSRF |
| CVE-2021-25085 | 2022-02-01 | WOOF - Products Filter for WooCommerce < 1.2.6.3 - Reflected Cross-Site Scripting |
| CVE-2021-25089 | 2022-02-01 | UpdraftPlus < 1.16.69 - Reflected Cross-Site Scripting |
| CVE-2021-25091 | 2022-02-01 | Link Library < 7.2.9 - Reflected Cross-Site Scripting |
| CVE-2021-25092 | 2022-02-01 | Link Library < 7.2.8 - Library Settings Reset via CSRF |
| CVE-2021-25093 | 2022-02-01 | Link Library < 7.2.8 - Unauthenticated Arbitrary Links Deletion |
| CVE-2022-0220 | 2022-02-01 | WordPress GDPR & CCPA < 1.9.27 - Unauthenticated Reflected Cross-Site Scripting |
| CVE-2022-0320 | 2022-02-01 | Essential Addons for Elementor < 5.0.5 - Unauthenticated LFI |
| CVE-2022-0401 | 2022-02-01 | Path Traversal in yuda-lyu/w-zip |
| CVE-2021-41571 | 2022-02-01 | Pulsar Admin API allows access to data from other tenants using getMessageById API |
| CVE-2021-45416 | 2022-02-01 | Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. |
| CVE-2021-46253 | 2022-02-01 | A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2021-43509 | 2022-02-01 | SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php. |
| CVE-2021-43510 | 2022-02-01 | SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php. |
| CVE-2021-44451 | 2022-02-01 | API sensitive information leak |
| CVE-2021-44746 | 2022-02-01 | UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series... |
| CVE-2021-38560 | 2022-02-01 | Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx. |
| CVE-2021-46093 | 2022-02-01 | eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php. |
| CVE-2022-24218 | 2022-02-01 | An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files. |
| CVE-2022-24219 | 2022-02-01 | eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php. |
| CVE-2022-24221 | 2022-02-01 | eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php. |
| CVE-2022-24222 | 2022-02-01 | eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php. |
| CVE-2022-24223 | 2022-02-01 | AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php. |
| CVE-2022-24220 | 2022-02-01 | eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php. |
| CVE-2021-42638 | 2022-02-01 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution. |
| CVE-2022-0443 | 2022-02-02 | Use After Free in vim/vim |
| CVE-2022-24301 | 2022-02-02 | In Minetest before 5.4.0, players can add or subtract items from a different player's inventory. |
| CVE-2022-24300 | 2022-02-02 | Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection. |
| CVE-2021-42753 | 2022-02-02 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x... |
| CVE-2021-36177 | 2022-02-02 | An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to... |
| CVE-2021-41016 | 2022-02-02 | A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to... |
| CVE-2021-43073 | 2022-02-02 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows... |
| CVE-2021-43062 | 2022-02-02 | A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below... |
| CVE-2021-36193 | 2022-02-02 | Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands. |
| CVE-2021-41018 | 2022-02-02 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code... |
| CVE-2022-0366 | 2022-02-02 | An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1. |
| CVE-2022-21724 | 2022-02-02 | Unchecked Class Instantiation when providing Plugin Classes |
| CVE-2020-26208 | 2022-02-02 | Heap-buffer-overflow in jhead |
| CVE-2021-24043 | 2022-02-02 | A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and... |
| CVE-2021-39044 | 2022-02-02 | IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... |
| CVE-2021-39066 | 2022-02-02 | IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040. |
| CVE-2021-39070 | 2022-02-02 | IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force... |
| CVE-2022-21817 | 2022-02-02 | NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens... |
| CVE-2022-22509 | 2022-02-02 | PHOENIX CONTACT: FL SWITCH 2xxx series incorrect privilege assignment |
| CVE-2022-22510 | 2022-02-02 | CODESYS: Null Pointer Dereference in CODESYS PROFINET stack |
| CVE-2021-42633 | 2022-02-02 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records. |
| CVE-2021-42637 | 2022-02-02 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability. |
| CVE-2021-42639 | 2022-02-02 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization. |
| CVE-2021-42640 | 2022-02-02 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer. |
| CVE-2021-42641 | 2022-02-02 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address... |
| CVE-2021-42642 | 2022-02-02 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and... |
| CVE-2022-0432 | 2022-02-02 | Prototype Pollution in mastodon/mastodon |
| CVE-2021-43522 | 2022-02-02 | An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write... |
| CVE-2022-24069 | 2022-02-02 | An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 before 05.08.41, 5.1 before 05.16.29, 5.2 before 05.26.29, 5.3 before 05.35.29, 5.4 before 05.43.29, and 5.5 before 05.51.29.... |