CVE List - 2022 / February
Showing 1101 - 1200 of 1942 CVEs for February 2022 (Page 12 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-25194 | 2022-02-15 | A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials. |
| CVE-2022-25195 | 2022-02-15 | A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. |
| CVE-2022-25196 | 2022-02-15 | Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins... |
| CVE-2022-25197 | 2022-02-15 | Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. |
| CVE-2022-25198 | 2022-02-15 | A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. |
| CVE-2022-25199 | 2022-02-15 | A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. |
| CVE-2022-25200 | 2022-02-15 | A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing... |
| CVE-2022-25201 | 2022-02-15 | Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing... |
| CVE-2022-25202 | 2022-02-15 | Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name of custom promotion levels, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer... |
| CVE-2022-25203 | 2022-02-15 | Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Read permission. |
| CVE-2022-25204 | 2022-02-15 | Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control... |
| CVE-2022-25205 | 2022-02-15 | A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if... |
| CVE-2022-25206 | 2022-02-15 | A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials. |
| CVE-2022-25207 | 2022-02-15 | A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it... |
| CVE-2022-25208 | 2022-02-15 | A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have... |
| CVE-2022-25209 | 2022-02-15 | Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-25210 | 2022-02-15 | Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be... |
| CVE-2022-25211 | 2022-02-15 | A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials. |
| CVE-2022-25212 | 2022-02-15 | A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. |
| CVE-2021-43049 | 2022-02-15 | TIBCO BusinessConnect Container Edition username and password leakage |
| CVE-2021-43050 | 2022-02-15 | TIBCO BusinessConnect Container Edition administrative username and passwords leakage |
| CVE-2022-22770 | 2022-02-15 | TIBCO AuditSafe API Authentication vulnerability |
| CVE-2022-23639 | 2022-02-15 | Improper Restriction of Operations within the Bounds of a Memory Buffer and Race Condition in crossbeam-utils |
| CVE-2021-42714 | 2022-02-15 | Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions. |
| CVE-2022-24589 | 2022-02-15 | Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted... |
| CVE-2021-42713 | 2022-02-15 | Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory with Insecure Permissions. |
| CVE-2021-33945 | 2022-02-15 | RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP... |
| CVE-2021-37354 | 2022-02-15 | Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2021-46262 | 2022-02-15 | Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the PPPoE module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted... |
| CVE-2021-46263 | 2022-02-15 | Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiTime module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted... |
| CVE-2021-46264 | 2022-02-15 | Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the onlineList module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted... |
| CVE-2021-46265 | 2022-02-15 | Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wanBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted... |
| CVE-2021-46321 | 2022-02-15 | Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted... |
| CVE-2022-23641 | 2022-02-15 | Denial of Service in Discourse |
| CVE-2021-35380 | 2022-02-15 | A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining... |
| CVE-2022-23643 | 2022-02-15 | Side-channel attack in Sourcegraph Code Monitors |
| CVE-2021-46249 | 2022-02-15 | An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified... |
| CVE-2021-46250 | 2022-02-15 | An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2. |
| CVE-2021-46251 | 2022-02-15 | A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. |
| CVE-2021-46252 | 2022-02-15 | A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch-confirmaccount-v3 allows attackers to modify account request requirement bypasses. |
| CVE-2022-0611 | 2022-02-15 | Missing Authorization in snipe/snipe-it |
| CVE-2021-3753 | 2022-02-16 | A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode... |
| CVE-2021-3781 | 2022-02-16 | A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document... |
| CVE-2022-25258 | 2022-02-16 | An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index... |
| CVE-2022-25271 | 2022-02-16 | Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values... |
| CVE-2021-3560 | 2022-02-16 | It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be... |
| CVE-2021-43299 | 2022-02-16 | Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. |
| CVE-2021-43300 | 2022-02-16 | Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. |
| CVE-2021-43301 | 2022-02-16 | Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. |
| CVE-2021-43302 | 2022-02-16 | Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters. |
| CVE-2021-43303 | 2022-02-16 | Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output... |
| CVE-2022-25236 | 2022-02-16 | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. |
| CVE-2022-25235 | 2022-02-16 | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. |
| CVE-2022-25242 | 2022-02-16 | In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF). |
| CVE-2022-25241 | 2022-02-16 | In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery (CSRF). |
| CVE-2022-0612 | 2022-02-16 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat |
| CVE-2022-0613 | 2022-02-16 | Authorization Bypass Through User-Controlled Key in medialize/uri.js |
| CVE-2022-0614 | 2022-02-16 | Use of Out-of-range Pointer Offset in mruby/mruby |
| CVE-2022-0559 | 2022-02-16 | Use After Free in radareorg/radare2 |
| CVE-2022-23358 | 2022-02-16 | EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement. |
| CVE-2021-45391 | 2022-02-16 | A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service. |
| CVE-2021-26726 | 2022-02-16 | Remote code execution in Valmet DNA before Collection 2021 |
| CVE-2021-22040 | 2022-02-16 | VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to... |
| CVE-2021-22041 | 2022-02-16 | VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to... |
| CVE-2021-22042 | 2022-02-16 | VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to... |
| CVE-2021-22043 | 2022-02-16 | VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate... |
| CVE-2021-22050 | 2022-02-16 | ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy... |
| CVE-2021-3551 | 2022-02-16 | A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker... |
| CVE-2021-3557 | 2022-02-16 | A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read... |
| CVE-2020-6918 | 2022-02-16 | Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software. |
| CVE-2020-6919 | 2022-02-16 | Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software. |
| CVE-2020-6917 | 2022-02-16 | Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software. |
| CVE-2020-6922 | 2022-02-16 | Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software. |
| CVE-2021-4106 | 2022-02-16 | Vulnerability in Snow Inventory Java Scanner |
| CVE-2022-0617 | 2022-02-16 | A NULL pointer dereference flaw was found in the Linux kernel UDF file system functionality in the way a user triggers the udf_file_write_iter function for a malicious UDF image. A local user... |
| CVE-2022-0513 | 2022-02-16 | WP Statistics <= 13.1.4 Unauthenticated Blind SQL Injection via exclusion_reason |
| CVE-2022-24664 | 2022-02-16 | Remote Code Execution by Contributor+ users via WordPress metabox |
| CVE-2021-4134 | 2022-02-16 | Fancy Product Designer <= 4.7.4 Admin+ SQL Injection |
| CVE-2022-24663 | 2022-02-16 | Remote Code Execution by Subscriber+ users via WordPress shortcode |
| CVE-2022-24665 | 2022-02-16 | Remote Code Execution by Contributor+ users via WordPress gutenberg block |
| CVE-2022-22792 | 2022-02-16 | MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters |
| CVE-2020-6920 | 2022-02-16 | Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software. |
| CVE-2020-6921 | 2022-02-16 | Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software. |
| CVE-2021-39298 | 2022-02-16 | A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be... |
| CVE-2021-39297 | 2022-02-16 | Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution. |
| CVE-2021-39301 | 2022-02-16 | Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution. |
| CVE-2021-39299 | 2022-02-16 | Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution. |
| CVE-2021-39300 | 2022-02-16 | Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution. |
| CVE-2022-23193 | 2022-02-16 | Adobe Illustrator Out-of-bounds Read could lead to Memory leak |
| CVE-2022-23192 | 2022-02-16 | Adobe Illustrator Out-of-bounds Read could lead to Memory leak |
| CVE-2022-23188 | 2022-02-16 | Adobe Illustrator Buffer Overflow could lead to Arbitrary code execution |
| CVE-2022-23189 | 2022-02-16 | Adobe Illustrator NULL Pointer Dereference Application denial-of-service |
| CVE-2022-23186 | 2022-02-16 | Adobe Illustrator Out-of-bounds Write could lead to Arbitrary code execution |
| CVE-2022-23191 | 2022-02-16 | Adobe Illustrator Out-of-bounds Read could lead to Memory leak |
| CVE-2022-23190 | 2022-02-16 | Adobe Illustrator Out-of-bounds Read could lead to Memory leak |
| CVE-2022-23194 | 2022-02-16 | Adobe Illustrator Out-of-bounds Read could lead to Memory leak |
| CVE-2022-23195 | 2022-02-16 | Adobe Illustrator Out-of-bounds Read could lead to Memory leak |
| CVE-2022-23196 | 2022-02-16 | Adobe Illustrator Out-of-bounds Read could lead to Memory leak |
| CVE-2022-23198 | 2022-02-16 | Adobe Illustrator NULL Pointer Dereference Application denial-of-service |
| CVE-2022-23199 | 2022-02-16 | Adobe Illustrator NULL Pointer Dereference Application denial-of-service |