CVE List - 2022 / February
Showing 1501 - 1600 of 1942 CVEs for February 2022 (Page 16 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-0632 | 2022-02-19 | NULL Pointer Dereference in mruby/mruby |
| CVE-2022-23376 | 2022-02-19 | WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on different pages. |
| CVE-2022-23375 | 2022-02-19 | WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php. |
| CVE-2022-0689 | 2022-02-19 | Use multiple time the one-time coupon in microweber/microweber |
| CVE-2022-0690 | 2022-02-19 | Cross-site Scripting (XSS) - Reflected in microweber/microweber |
| CVE-2016-1239 | 2022-02-19 | duck before 0.10 did not properly handle loading of untrusted code from the current directory. |
| CVE-2021-46700 | 2022-02-19 | In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free. |
| CVE-2022-0685 | 2022-02-20 | Use of Out-of-range Pointer Offset in vim/vim |
| CVE-2022-0686 | 2022-02-20 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse |
| CVE-2021-45007 | 2022-02-20 | Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that... |
| CVE-2022-0688 | 2022-02-20 | Business Logic Errors in microweber/microweber |
| CVE-2021-45081 | 2022-02-20 | An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS. |
| CVE-2021-45083 | 2022-02-20 | An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user... |
| CVE-2022-23848 | 2022-02-20 | In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability. |
| CVE-2022-22126 | 2022-02-20 | Openmct XSS via the “Web Page” element |
| CVE-2022-23053 | 2022-02-20 | Openmct XSS via the “Condition Widget” |
| CVE-2022-23054 | 2022-02-20 | Openmct XSS via the “Summary Widget” |
| CVE-2022-25372 | 2022-02-20 | Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go. |
| CVE-2022-25375 | 2022-02-20 | An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information... |
| CVE-2021-46701 | 2022-02-20 | PreMiD 2.2.0 allows unintended access via the websocket transport. An attacker can receive events from a socket and emit events to a socket, potentially interfering with a victim's "now playing"... |
| CVE-2021-4115 | 2022-02-21 | There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is... |
| CVE-2021-44141 | 2022-02-21 | All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the... |
| CVE-2022-0564 | 2022-02-21 | Qlik Sense Enterprise Domain User enumeration |
| CVE-2022-0691 | 2022-02-21 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse |
| CVE-2022-0696 | 2022-02-21 | NULL Pointer Dereference in vim/vim |
| CVE-2022-0563 | 2022-02-21 | A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the... |
| CVE-2022-25297 | 2022-02-21 | Arbitrary File Write |
| CVE-2021-24867 | 2022-02-21 | Backdoored Plugins & Themes from AccessPress Themes |
| CVE-2021-24921 | 2022-02-21 | Advanced Database Cleaner < 3.0.4 - Reflected Cross-Site Scripting |
| CVE-2021-25055 | 2022-02-21 | FeedWordPress < 2022.0123 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-25057 | 2022-02-21 | Translation Exchange <= 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-25058 | 2022-02-21 | The Buffer Button <= 1.0 - Authenticated Stored Cross Site Scripting (XSS) |
| CVE-2021-25060 | 2022-02-21 | Five Star Business Profile and Schema < 2.1.7 - Subscriber+ Page Creation & Settings Update to Stored XSS |
| CVE-2021-25069 | 2022-02-21 | WordPress Download Manager < 3.2.34 - Authenticated SQL Injection to Reflected XSS |
| CVE-2021-25075 | 2022-02-21 | Duplicate Page or Post < 1.5.1 - Arbitrary Settings Update to Stored XSS |
| CVE-2021-25082 | 2022-02-21 | Popup Builder < 4.0.7 - LFI to RCE |
| CVE-2021-25099 | 2022-02-21 | Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting |
| CVE-2021-25100 | 2022-02-21 | Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard |
| CVE-2021-25101 | 2022-02-21 | Anti-Malware Security and Brute-Force Firewall < 4.20.94 - Admin+ Reflected Cross-Site Scripting |
| CVE-2021-4208 | 2022-02-21 | ExportFeed <= 2.0.1.0 - Admin+ SQL Injection |
| CVE-2022-0134 | 2022-02-21 | AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF |
| CVE-2022-0164 | 2022-02-21 | Coming soon and Maintenance mode < 3.6.7 - Subscriber+ Arbitrary Email Sending to Subscribed Users |
| CVE-2022-0186 | 2022-02-21 | Image Photo Gallery Final Tiles Grid < 3.5.3 - Contributor+ Stored Cross-Site Scripting |
| CVE-2022-0199 | 2022-02-21 | Coming soon and Maintenance mode < 3.6.8 - Arbitrary Email Sending to Subscribed Users via CSRF |
| CVE-2022-0211 | 2022-02-21 | Shield Security < 13.0.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0228 | 2022-02-21 | Popup Builder < 4.0.7 - Admin+ SQL Injection |
| CVE-2022-0234 | 2022-02-21 | WOOCS < 1.3.7.5 - Reflected Cross-Site Scripting |
| CVE-2022-0252 | 2022-02-21 | Give < 2.17.3 - Reflected Cross-Site Scripting via Import Tool |
| CVE-2022-0255 | 2022-02-21 | Database Backup for WordPress < 2.5.1 - Admin+ SQL Injection |
| CVE-2022-0279 | 2022-02-21 | AnyComment < 0.2.18 - Comment Rating Increase/Decrease via Race Condition |
| CVE-2022-0288 | 2022-02-21 | Ad Inserter < 2.7.10 - Reflected Cross-Site Scripting |
| CVE-2022-0313 | 2022-02-21 | Float Menu < 4.3.1 - Arbitrary Menu Deletion via CSRF |
| CVE-2021-45008 | 2022-02-21 | Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege escalation from user to admin rights. NOTE: the vendor states that this is only a site-specific problem... |
| CVE-2022-24553 | 2022-02-21 | An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function check is not strict, resulting in remote command execution. |
| CVE-2022-0692 | 2022-02-21 | Open Redirect on Rudloff/alltube in rudloff/alltube |
| CVE-2021-44142 | 2022-02-21 | The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to... |
| CVE-2021-44568 | 2022-02-21 | Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a... |
| CVE-2021-27753 | 2022-02-21 | Sametime Android PathTraversal Vulnerability |
| CVE-2021-27755 | 2022-02-21 | Sametime Android potential path traversal vulnerability when using File class |
| CVE-2022-0708 | 2022-02-21 | Team Creator's Email Address is disclosed to Team Members via one of the APIs |
| CVE-2022-23983 | 2022-02-21 | WordPress WP Content Copy Protection & No Right Click plugin <= 3.4.4 - Cross-Site Request Forgery (CSRF) leads to Settings Update vulnerability |
| CVE-2022-23984 | 2022-02-21 | WordPress wpDiscuz plugin <= 7.3.11 - Sensitive Information Disclosure |
| CVE-2022-24295 | 2022-02-21 | Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL. |
| CVE-2022-25599 | 2022-02-21 | WordPress Spiffy Calendar plugin <= 4.9.0 - Event deletion via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-27796 | 2022-02-21 | A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory”... |
| CVE-2021-26256 | 2022-02-21 | WordPress Survey Maker plugin <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-27797 | 2022-02-21 | Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access... |
| CVE-2022-22308 | 2022-02-21 | IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into... |
| CVE-2022-24564 | 2022-02-21 | Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing... |
| CVE-2021-25636 | 2022-02-22 | Incorrect trust validation of signature with ambiguous KeyInfo children |
| CVE-2022-0714 | 2022-02-22 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-25643 | 2022-02-22 | seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname. |
| CVE-2022-23608 | 2022-02-22 | Use after free in PJSIP |
| CVE-2022-24599 | 2022-02-22 | In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo... |
| CVE-2022-0676 | 2022-02-22 | Heap-based Buffer Overflow in radareorg/radare2 |
| CVE-2022-25636 | 2022-02-22 | net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. |
| CVE-2022-24565 | 2022-02-22 | Checkmk <=2.0.0p19 (fixed in 2.0.0p20) and Checkmk <=1.6.0p27 (fixed in 1.6.0p28) are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when... |
| CVE-2022-24582 | 2022-02-22 | Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_user from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using... |
| CVE-2022-24633 | 2022-02-22 | All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists in the parameter "path" passing "/SHARED/<username>". A malicious actor could identify the existence of users... |
| CVE-2021-4030 | 2022-02-22 | A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local... |
| CVE-2021-4029 | 2022-02-22 | A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface. |
| CVE-2022-0665 | 2022-02-22 | Path Traversal in pimcore/pimcore |
| CVE-2021-46162 | 2022-02-22 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially... |
| CVE-2021-46699 | 2022-02-22 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. This could allow... |
| CVE-2022-0712 | 2022-02-22 | NULL Pointer Dereference in radareorg/radare2 |
| CVE-2022-23043 | 2022-02-22 | Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a... |
| CVE-2022-0713 | 2022-02-22 | Heap-based Buffer Overflow in radareorg/radare2 |
| CVE-2022-23652 | 2022-02-22 | Privilege escalation using hop-by-hop Connection header |
| CVE-2021-44565 | 2022-02-22 | A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example... |
| CVE-2021-44566 | 2022-02-22 | A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php. |
| CVE-2022-23654 | 2022-02-22 | Improper write access check in Requarks/wiki |
| CVE-2021-44567 | 2022-02-22 | An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php. |
| CVE-2020-27467 | 2022-02-22 | A Directory Traversal vulnerability exists in Processwire CMS before 2.7.1 via the download parameter to index.php. |
| CVE-2021-44967 | 2022-02-22 | A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file.... |
| CVE-2022-23635 | 2022-02-22 | Unauthenticated control plane denial of service attack in Istio |
| CVE-2021-43824 | 2022-02-22 | Null pointer dereference in Envoy |
| CVE-2022-23606 | 2022-02-22 | Crash when a cluster is deleted in Envoy |
| CVE-2022-21656 | 2022-02-22 | X.509 subjectAltName matching bypass in Envoy |
| CVE-2022-21657 | 2022-02-22 | X.509 Extended Key Usage and Trust Purposes bypass in Envoy |
| CVE-2022-21654 | 2022-02-22 | Incorrect configuration handling allows TLS session re-use without re-validation in Envoy |