CVE List - 2022 / February
Showing 1601 - 1700 of 1942 CVEs for February 2022 (Page 17 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-21655 | 2022-02-22 | Incorrect handling of internal redirects results in crash in Envoy |
| CVE-2022-25072 | 2022-02-22 | TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. |
| CVE-2022-25073 | 2022-02-22 | TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. |
| CVE-2022-25074 | 2022-02-22 | TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. |
| CVE-2022-25075 | 2022-02-22 | TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. |
| CVE-2022-25076 | 2022-02-22 | TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. |
| CVE-2022-25077 | 2022-02-22 | TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. |
| CVE-2022-25078 | 2022-02-22 | TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. |
| CVE-2022-25079 | 2022-02-22 | TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. |
| CVE-2022-25080 | 2022-02-22 | TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. |
| CVE-2022-25081 | 2022-02-22 | TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. |
| CVE-2022-25082 | 2022-02-22 | TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. |
| CVE-2022-25083 | 2022-02-22 | TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. |
| CVE-2022-25084 | 2022-02-22 | TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. |
| CVE-2022-25414 | 2022-02-22 | Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR. |
| CVE-2022-25417 | 2022-02-22 | Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo. |
| CVE-2022-25418 | 2022-02-22 | Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi. |
| CVE-2021-43825 | 2022-02-22 | Use-after-free in Envoy |
| CVE-2021-43826 | 2022-02-22 | Crash when tunneling TCP over HTTP in Envoy |
| CVE-2022-23612 | 2022-02-22 | Directory Traversal in OpenMRS Startup Filter |
| CVE-2022-0654 | 2022-02-22 | Exposure of Sensitive Information to an Unauthorized Actor in fgribreau/node-request-retry |
| CVE-2022-0726 | 2022-02-23 | Missing Authorization in chocobozzz/peertube |
| CVE-2022-0729 | 2022-02-23 | Use of Out-of-range Pointer Offset in vim/vim |
| CVE-2022-24407 | 2022-02-23 | In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. |
| CVE-2022-0717 | 2022-02-23 | Out-of-bounds Read in mruby/mruby |
| CVE-2022-25809 | 2022-02-23 | Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of... |
| CVE-2022-0736 | 2022-02-23 | Insecure Temporary File in mlflow/mlflow |
| CVE-2022-0719 | 2022-02-23 | Cross-site Scripting (XSS) - Reflected in microweber/microweber |
| CVE-2022-0721 | 2022-02-23 | Insertion of Sensitive Information Into Debugging Code in microweber/microweber |
| CVE-2022-0724 | 2022-02-23 | Insecure Storage of Sensitive Information in microweber/microweber |
| CVE-2022-24566 | 2022-02-23 | In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in... |
| CVE-2022-0727 | 2022-02-23 | Improper Access Control in chocobozzz/peertube |
| CVE-2022-24620 | 2022-02-23 | Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access. |
| CVE-2022-0476 | 2022-02-23 | Denial of Service in radareorg/radare2 |
| CVE-2022-20650 | 2022-02-23 | Cisco NX-OS Software NX-API Command Injection Vulnerability |
| CVE-2022-20625 | 2022-02-23 | Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability |
| CVE-2022-20624 | 2022-02-23 | Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability |
| CVE-2022-20623 | 2022-02-23 | Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability |
| CVE-2021-43724 | 2022-02-23 | A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via an SVG file. |
| CVE-2022-0731 | 2022-02-23 | Improper Access Control (IDOR) in dolibarr/dolibarr |
| CVE-2021-44607 | 2022-02-23 | A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file. |
| CVE-2021-44608 | 2022-02-23 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php. |
| CVE-2022-21705 | 2022-02-23 | Authenticated remote code execution in octobercms |
| CVE-2021-44610 | 2022-02-23 | Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite, (5) eta_doctype, (6) meta_charset, (7) default_group, and (8) page group... |
| CVE-2022-22333 | 2022-02-23 | IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable to a buffer overflow, due to the Jetty based GUI in the Secure Zone not... |
| CVE-2022-22336 | 2022-02-23 | IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a... |
| CVE-2021-4070 | 2022-02-23 | Off-by-one Error in v2fly/v2ray-core |
| CVE-2021-44550 | 2022-02-23 | An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159). |
| CVE-2021-45746 | 2022-02-23 | A Directory Traversal vulnerability exists in WeBankPartners wecube-platform 3.2.1 via the file variable in PluginPackageController.java. |
| CVE-2022-25406 | 2022-02-23 | Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter. |
| CVE-2022-25404 | 2022-02-23 | Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter. |
| CVE-2022-25402 | 2022-02-23 | An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files. |
| CVE-2022-25403 | 2022-02-23 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. |
| CVE-2022-25401 | 2022-02-23 | The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. |
| CVE-2022-25104 | 2022-02-23 | HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/. |
| CVE-2022-25101 | 2022-02-23 | A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-25098 | 2022-02-23 | ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter. |
| CVE-2022-25099 | 2022-02-23 | A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-25405 | 2022-02-23 | Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter. |
| CVE-2022-24409 | 2022-02-23 | Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts... |
| CVE-2022-23651 | 2022-02-23 | b2-sdk-python TOCTOU application key disclosure |
| CVE-2022-23653 | 2022-02-23 | B2 Command Line Tool TOCTOU application key disclosure |
| CVE-2022-23655 | 2022-02-23 | Missing server signature validation in OctoberCMS |
| CVE-2022-24708 | 2022-02-23 | Stored XSS vulnerability in anuko/timetracker |
| CVE-2022-24707 | 2022-02-23 | SQL injection in anuko timetracker |
| CVE-2021-26252 | 2022-02-24 | A flaw was found in htmldoc v1.9.12. A heap buffer overflow in pspdf_prepare_page() in ps-pdf.cxx may lead to arbitrary code execution and denial of service. |
| CVE-2021-3596 | 2022-02-24 | A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's... |
| CVE-2021-3610 | 2022-02-24 | A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array... |
| CVE-2022-21824 | 2022-02-24 | Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain... |
| CVE-2022-25148 | 2022-02-24 | WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via current_page_id |
| CVE-2021-35689 | 2022-02-24 | A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enterprise Edition system.... |
| CVE-2022-23176 | 2022-02-24 | WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS... |
| CVE-2022-25638 | 2022-02-24 | In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between... |
| CVE-2022-25640 | 2022-02-24 | In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present... |
| CVE-2019-25058 | 2022-02-24 | An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the... |
| CVE-2022-25838 | 2022-02-24 | Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept. |
| CVE-2022-25329 | 2022-02-24 | Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the... |
| CVE-2022-25330 | 2022-02-24 | Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. |
| CVE-2022-25331 | 2022-02-24 | Uncaught exceptions that can be generated in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process. |
| CVE-2022-24671 | 2022-02-24 | A link following privilege escalation vulnerability in Trend Micro Antivirus for Mac 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate... |
| CVE-2022-24678 | 2022-02-24 | A security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free... |
| CVE-2022-24679 | 2022-02-24 | A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro... |
| CVE-2022-24680 | 2022-02-24 | A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro... |
| CVE-2021-26092 | 2022-02-24 | Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4;... |
| CVE-2021-43943 | 2022-02-24 | Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the... |
| CVE-2022-25360 | 2022-02-24 | WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and... |
| CVE-2022-25292 | 2022-02-24 | A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade... |
| CVE-2022-25293 | 2022-02-24 | A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade... |
| CVE-2022-25363 | 2022-02-24 | WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and... |
| CVE-2022-25290 | 2022-02-24 | WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x... |
| CVE-2022-25291 | 2022-02-24 | An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update... |
| CVE-2022-21142 | 2022-02-24 | Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to... |
| CVE-2022-21179 | 2022-02-24 | Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series) allows a remote... |
| CVE-2022-23810 | 2022-02-24 | Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series... |
| CVE-2022-23916 | 2022-02-24 | Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42,... |
| CVE-2022-23986 | 2022-02-24 | SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated attacker to obtain the information in the database via unspecified vectors. |
| CVE-2022-24374 | 2022-02-24 | Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42,... |
| CVE-2022-24435 | 2022-02-24 | Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2022-25355 | 2022-02-24 | EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to... |
| CVE-2022-24610 | 2022-02-24 | Settings/network settings/wireless settings on the Alecto DVC-215IP camera version 63.1.1.173 and below shows the Wi-Fi passphrase hidden, but by editing/removing the style of the password field the password becomes visible... |