CVE List - 2022 / February
Showing 901 - 1000 of 1942 CVEs for February 2022 (Page 10 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-39672 | 2022-02-11 | In fastboot, there is a possible secure boot bypass due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2021-39676 | 2022-02-11 | In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2022-0185 | 2022-02-11 | A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in... |
| CVE-2021-0524 | 2022-02-11 | In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure of installed packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2021-39677 | 2022-02-11 | In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘zero’ in size. Product: Android. Versions: Android-11. Android ID: A-205097028 |
| CVE-2021-39687 | 2022-02-11 | In HandleTransactionIoEvent of actuator_driver.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2021-39688 | 2022-02-11 | In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2021-34235 | 2022-02-11 | Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The component is the Field__UserLogin parameter on the logon page. |
| CVE-2020-26728 | 2022-02-11 | A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall... |
| CVE-2022-22766 | 2022-02-11 | BD Pyxis Products - Hardcoded Credentials |
| CVE-2022-24968 | 2022-02-11 | In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification... |
| CVE-2021-20001 | 2022-02-11 | It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result... |
| CVE-2021-23555 | 2022-02-11 | Sandbox Bypass |
| CVE-2021-46361 | 2022-02-11 | An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload. |
| CVE-2021-46362 | 2022-02-11 | A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into... |
| CVE-2021-46363 | 2022-02-11 | An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution... |
| CVE-2021-46364 | 2022-02-11 | A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file. |
| CVE-2021-46365 | 2022-02-11 | An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file. |
| CVE-2021-46366 | 2022-02-11 | An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute... |
| CVE-2022-23634 | 2022-02-11 | Information Exposure when using Puma with Rails |
| CVE-2021-4098 | 2022-02-11 | Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted... |
| CVE-2021-4099 | 2022-02-11 | Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-4100 | 2022-02-11 | Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-4101 | 2022-02-11 | Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-4102 | 2022-02-11 | Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0096 | 2022-02-11 | Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0097 | 2022-02-11 | Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially allow extension to escape the... |
| CVE-2022-0098 | 2022-02-11 | Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit... |
| CVE-2022-0099 | 2022-02-11 | Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via... |
| CVE-2022-0100 | 2022-02-11 | Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0101 | 2022-02-11 | Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform a specific user gesture to potentially exploit heap corruption via... |
| CVE-2022-0102 | 2022-02-11 | Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0103 | 2022-02-11 | Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0104 | 2022-02-11 | Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0105 | 2022-02-11 | Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0106 | 2022-02-11 | Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform a specific user gesture to potentially exploit heap corruption via... |
| CVE-2022-0107 | 2022-02-11 | Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially... |
| CVE-2022-0109 | 2022-02-11 | Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. |
| CVE-2022-0110 | 2022-02-11 | Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2022-0111 | 2022-02-11 | Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page. |
| CVE-2022-0112 | 2022-02-11 | Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL. |
| CVE-2022-0113 | 2022-02-11 | Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2022-0114 | 2022-02-11 | Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted... |
| CVE-2022-0115 | 2022-02-11 | Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
| CVE-2022-0116 | 2022-02-11 | Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2022-0117 | 2022-02-11 | Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2022-0118 | 2022-02-11 | Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2022-0120 | 2022-02-11 | Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website. |
| CVE-2022-0289 | 2022-02-12 | Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0290 | 2022-02-12 | Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |
| CVE-2022-0291 | 2022-02-12 | Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. |
| CVE-2022-0292 | 2022-02-12 | Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. |
| CVE-2022-0293 | 2022-02-12 | Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0294 | 2022-02-12 | Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. |
| CVE-2022-0295 | 2022-02-12 | Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption... |
| CVE-2022-0296 | 2022-02-12 | Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption... |
| CVE-2022-0297 | 2022-02-12 | Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0298 | 2022-02-12 | Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0300 | 2022-02-12 | Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions... |
| CVE-2022-0301 | 2022-02-12 | Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2022-0302 | 2022-02-12 | Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via... |
| CVE-2022-0304 | 2022-02-12 | Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption... |
| CVE-2022-0305 | 2022-02-12 | Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML... |
| CVE-2022-0306 | 2022-02-12 | Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0307 | 2022-02-12 | Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap... |
| CVE-2022-0308 | 2022-02-12 | Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to... |
| CVE-2022-0309 | 2022-02-12 | Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2022-0310 | 2022-02-12 | Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions. |
| CVE-2022-0311 | 2022-02-12 | Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap... |
| CVE-2022-22765 | 2022-02-12 | BD Viper LT System - Hardcoded Credentials |
| CVE-2022-0565 | 2022-02-12 | Cross-site Scripting in pimcore/pimcore |
| CVE-2022-0569 | 2022-02-12 | Observable Discrepancy in snipe/snipe-it |
| CVE-2021-44879 | 2022-02-13 | In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. |
| CVE-2022-0572 | 2022-02-13 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-0570 | 2022-02-13 | Heap-based Buffer Overflow in mruby/mruby |
| CVE-2021-45444 | 2022-02-13 | In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive... |
| CVE-2022-24976 | 2022-02-13 | Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence. |
| CVE-2022-24977 | 2022-02-13 | ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed... |
| CVE-2022-0571 | 2022-02-13 | Cross-site Scripting (XSS) - Reflected in phoronix-test-suite/phoronix-test-suite |
| CVE-2022-0576 | 2022-02-13 | Cross-site Scripting (XSS) - Generic in librenms/librenms |
| CVE-2022-0575 | 2022-02-13 | Cross-site Scripting (XSS) - Stored in librenms/librenms |
| CVE-2021-45346 | 2022-02-14 | A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record,... |
| CVE-2022-0512 | 2022-02-14 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse |
| CVE-2022-0581 | 2022-02-14 | Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
| CVE-2022-0582 | 2022-02-14 | Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
| CVE-2022-0583 | 2022-02-14 | Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
| CVE-2022-0586 | 2022-02-14 | Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
| CVE-2022-24110 | 2022-02-14 | Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later. |
| CVE-2021-24446 | 2022-02-14 | Remove Footer Credit < 1.0.6 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24874 | 2022-02-14 | Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.31 - Reflected Cross-Site Scripting |
| CVE-2021-24904 | 2022-02-14 | Mortgage Calculators WP < 1.56 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-25014 | 2022-02-14 | Ibtana < 1.1.4.9 - Subscriber+ Settings Update to Stored XSS |
| CVE-2021-25018 | 2022-02-14 | PPOM for WooCommerce < 24.0 - Subscriber+ Settings Update to Stored XSS |
| CVE-2021-25033 | 2022-02-14 | Noptin < 1.6.5 - Open Redirect |
| CVE-2021-25050 | 2022-02-14 | Remove Footer Credit < 1.0.11 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-25107 | 2022-02-14 | Form Store to DB < 1.1.1 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2021-25109 | 2022-02-14 | Futurio Extra < 1.6.3 - Authenticated SQL Injection |
| CVE-2021-25110 | 2022-02-14 | Futurio Extra < 1.6.3 - Subscriber+ User Email Address Disclosure |
| CVE-2021-25115 | 2022-02-14 | WP Photo Album Plus < 8.0.10 - Stored Cross-Site Scripting (XSS) |
| CVE-2022-0176 | 2022-02-14 | PowerPack Lite for Beaver Builder < 1.2.9.3 - Reflected Cross-Site Scripting |