CVE List - 2022 / February
Showing 1001 - 1100 of 1942 CVEs for February 2022 (Page 11 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-0188 | 2022-02-14 | Coming Soon & Maintenance Plugin by NiteoThemes < 4.0.19 - Unauthenticated Arbitrary CSS Update |
| CVE-2022-0190 | 2022-02-14 | Ad Invalid Click Protector (AICP) < 1.2.6 - Authenticated SQL Injection |
| CVE-2022-0193 | 2022-02-14 | Complianz - GDPR/CCPA Cookie Consent < 6.0.0 - Reflected Cross-Site Scripting |
| CVE-2022-0200 | 2022-02-14 | Themify Portfolio Post < 1.1.7 - Reflected Cross-Site Scripting |
| CVE-2022-0201 | 2022-02-14 | Permalink Manager < 2.2.15 - Reflected Cross-Site Scripting |
| CVE-2022-0206 | 2022-02-14 | NewStatPress < 1.3.6 - Reflected Cross-Site Scripting |
| CVE-2022-0208 | 2022-02-14 | MapPress Maps for WordPress < 2.73.4 - Reflected Cross-Site Scripting |
| CVE-2022-0212 | 2022-02-14 | SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting |
| CVE-2022-0214 | 2022-02-14 | Popup \| Custom Popup Builder < 1.3.1 - Unauthenticated Denial of Service |
| CVE-2021-45421 | 2022-02-14 | Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the... |
| CVE-2021-45420 | 2022-02-14 | Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without... |
| CVE-2022-24686 | 2022-02-14 | HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into... |
| CVE-2021-46371 | 2022-02-14 | antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to some interfaces in the foreground leads to leakage of sensitive information. |
| CVE-2021-45392 | 2022-02-14 | A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service. |
| CVE-2022-22854 | 2022-02-14 | An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list. |
| CVE-2021-39079 | 2022-02-14 | IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2021-39080 | 2022-02-14 | Due to weak obfuscation in IBM Cognos Analytics Mobile for Android application prior to version 1.1.14, an attacker could reverse engineer the codebase to gain knowledge about... |
| CVE-2022-23367 | 2022-02-14 | Fulusso v1.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in /BindAccount/SuccessTips.js. This vulnerability allows attackers to inject malicious code into a victim user's device via open redirection. |
| CVE-2021-45347 | 2022-02-14 | An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password. |
| CVE-2022-25150 | 2022-02-14 | In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges. |
| CVE-2022-0579 | 2022-02-14 | Missing Authorization in snipe/snipe-it |
| CVE-2022-24988 | 2022-02-14 | In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector. |
| CVE-2021-45348 | 2022-02-14 | An Arbitrary File Deletion vulnerability exists in SourceCodester Attendance Management System v1.0 via the csv parameter in admin/pageUploadCSV.php, which can cause a Denial of Service (crash). |
| CVE-2021-43106 | 2022-02-14 | A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25. The HTTP host header can be manipulated and cause... |
| CVE-2019-16864 | 2022-02-14 | CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as... |
| CVE-2019-25057 | 2022-02-14 | In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer. |
| CVE-2021-45310 | 2022-02-14 | Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. Users information such as first name, last name, account id, server... |
| CVE-2022-22295 | 2022-02-14 | Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter. |
| CVE-2022-23335 | 2022-02-14 | Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter. |
| CVE-2022-23336 | 2022-02-14 | S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. |
| CVE-2022-23337 | 2022-02-14 | DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. |
| CVE-2022-23902 | 2022-02-14 | Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter. |
| CVE-2022-24206 | 2022-02-14 | Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter. |
| CVE-2022-23637 | 2022-02-14 | Stored Cross-Site-Scripting (XSS) in Markdown Editor |
| CVE-2022-23389 | 2022-02-14 | PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter. |
| CVE-2022-23390 | 2022-02-14 | An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files. |
| CVE-2022-23391 | 2022-02-14 | A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Search box. |
| CVE-2022-23410 | 2022-02-14 | AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working... |
| CVE-2021-4201 | 2022-02-14 | Pre-authentication session hijacking |
| CVE-2022-24704 | 2022-02-14 | Buffer Overflow via Crafted IPv6 Addr Attribute Type Client Request in Accel-PPP v1.12 |
| CVE-2022-24705 | 2022-02-14 | Buffer Overflow via Crafted IPv6 Prefix Attribute Type Client Request in Accel-PPP v1.12 |
| CVE-2022-23992 | 2022-02-14 | XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated... |
| CVE-2022-23638 | 2022-02-14 | Cross-site Scripting in svg-sanitizer |
| CVE-2021-45005 | 2022-02-14 | Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements. |
| CVE-2021-46461 | 2022-02-14 | njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c. |
| CVE-2021-46462 | 2022-02-14 | njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c. |
| CVE-2022-25139 | 2022-02-14 | njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. |
| CVE-2021-46463 | 2022-02-14 | njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). |
| CVE-2022-0580 | 2022-02-14 | Incorrect Authorization in librenms/librenms |
| CVE-2022-21818 | 2022-02-14 | NVIDIA License System contains a vulnerability in the installation scripts for the DLS virtual appliance, where a user on a network after signing in to the portal can access other... |
| CVE-2022-0596 | 2022-02-15 | Improper Validation of Specified Quantity in Input in microweber/microweber |
| CVE-2022-25175 | 2022-02-15 | Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on... |
| CVE-2022-25179 | 2022-02-15 | Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers... |
| CVE-2021-44960 | 2022-02-15 | In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the renderDocument function handled the XMLDocument object improperly, returning a null pointer in advance at the second if, resulting in a... |
| CVE-2022-21698 | 2022-02-15 | Uncontrolled Resource Consumption in promhttp |
| CVE-2022-24227 | 2022-02-15 | A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters. |
| CVE-2021-43952 | 2022-02-15 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa... |
| CVE-2021-43953 | 2022-02-15 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in... |
| CVE-2021-43950 | 2022-02-15 | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight... |
| CVE-2021-43940 | 2022-02-15 | Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer.... |
| CVE-2021-43941 | 2022-02-15 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin.... |
| CVE-2021-43948 | 2022-02-15 | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move... |
| CVE-2022-0587 | 2022-02-15 | Improper Authorization in librenms/librenms |
| CVE-2022-0588 | 2022-02-15 | Missing Authorization in librenms/librenms |
| CVE-2022-0589 | 2022-02-15 | Cross-site Scripting (XSS) - Stored in librenms/librenms |
| CVE-2021-46557 | 2022-02-15 | Vicidial 2.14-783a was discovered to contain a cross-site scripting (XSS) vulnerability via the input tabs. |
| CVE-2021-46558 | 2022-02-15 | Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allow attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the... |
| CVE-2022-23384 | 2022-02-15 | YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add |
| CVE-2022-23317 | 2022-02-15 | CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL. |
| CVE-2021-43734 | 2022-02-15 | kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host. |
| CVE-2021-41552 | 2022-02-15 | CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection. |
| CVE-2021-42712 | 2022-02-15 | Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions. |
| CVE-2022-0597 | 2022-02-15 | Open Redirect in microweber/microweber |
| CVE-2022-24586 | 2022-02-15 | A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and... |
| CVE-2022-24684 | 2022-02-15 | HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and... |
| CVE-2022-24585 | 2022-02-15 | A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter. |
| CVE-2022-24226 | 2022-02-15 | Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. |
| CVE-2022-24588 | 2022-02-15 | Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. |
| CVE-2022-24587 | 2022-02-15 | A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2022-23604 | 2022-02-15 | Privilege escalation in Defender |
| CVE-2022-24590 | 2022-02-15 | A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2022-25173 | 2022-02-15 | Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to... |
| CVE-2022-25174 | 2022-02-15 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands... |
| CVE-2022-25176 | 2022-02-15 | Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines,... |
| CVE-2022-25177 | 2022-02-15 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able... |
| CVE-2022-25178 | 2022-02-15 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read... |
| CVE-2022-25180 | 2022-02-15 | Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed... |
| CVE-2022-25181 | 2022-02-15 | A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller... |
| CVE-2022-25182 | 2022-02-15 | A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially... |
| CVE-2022-25183 | 2022-02-15 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary... |
| CVE-2022-25184 | 2022-02-15 | Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve... |
| CVE-2022-25185 | 2022-02-15 | Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with... |
| CVE-2022-25186 | 2022-02-15 | Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes... |
| CVE-2022-25187 | 2022-02-15 | Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. |
| CVE-2022-25188 | 2022-02-15 | Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on... |
| CVE-2022-25189 | 2022-02-15 | Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure... |
| CVE-2022-25190 | 2022-02-15 | A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2022-25191 | 2022-02-15 | Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure... |
| CVE-2022-25192 | 2022-02-15 | A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method,... |
| CVE-2022-25193 | 2022-02-15 | Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method,... |