CVE List - 2022 / February
Showing 301 - 400 of 1942 CVEs for February 2022 (Page 4 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-24114 | 2022-02-04 | Local privilege escalation due to race condition on application startup |
| CVE-2021-44204 | 2022-02-04 | Local privilege escalation via named pipe due to improper access control checks |
| CVE-2021-44206 | 2022-02-04 | Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service |
| CVE-2022-22722 | 2022-02-04 | A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active... |
| CVE-2022-22723 | 2022-02-04 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are... |
| CVE-2020-7534 | 2022-02-04 | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the... |
| CVE-2022-22724 | 2022-02-04 | A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a large number of TCP RST or... |
| CVE-2022-22725 | 2022-02-04 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are... |
| CVE-2022-22726 | 2022-02-04 | A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product:... |
| CVE-2022-22727 | 2022-02-04 | A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user�s local machine... |
| CVE-2022-22804 | 2022-02-04 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the... |
| CVE-2021-43841 | 2022-02-04 | XSS by SVG upload in xwiki-platform |
| CVE-2021-39021 | 2022-02-04 | IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration.... |
| CVE-2022-23605 | 2022-02-04 | Expired Ephemeral Messages not reliably removed in wire-webapp |
| CVE-2022-0472 | 2022-02-04 | Unrestricted Upload of File with Dangerous Type in jsdecena/laracom |
| CVE-2022-23600 | 2022-02-04 | Limited ability to spoof SAML authentication with missing audience verification |
| CVE-2022-23593 | 2022-02-04 | Segfault in `simplifyBroadcast` in Tensorflow |
| CVE-2022-23591 | 2022-02-04 | Stack overflow in Tensorflow |
| CVE-2022-23590 | 2022-02-04 | Crash due to erroneous `StatusOr` in Tensorflow |
| CVE-2022-23594 | 2022-02-04 | Out of bounds read in Tensorflow |
| CVE-2022-23595 | 2022-02-04 | Null pointer dereference in TensorFlow |
| CVE-2022-23587 | 2022-02-04 | Integer overflow in Tensorflow |
| CVE-2022-23592 | 2022-02-04 | Out of bounds read in Tensorflow |
| CVE-2022-23584 | 2022-02-04 | Use after free in `DecodePng` in Tensorflow |
| CVE-2022-23582 | 2022-02-04 | `CHECK`-failures in `TensorByteSize` in Tensorflow |
| CVE-2022-23583 | 2022-02-04 | `CHECK`-failures in binary ops in Tensorflow |
| CVE-2022-23586 | 2022-02-04 | Multiple `CHECK`-fails in `function.cc` in Tensorflow |
| CVE-2022-23589 | 2022-02-04 | Null pointer dereference in Grappler's `IsConstant` in Tensorflow |
| CVE-2022-23588 | 2022-02-04 | `CHECK`-fails due to attempting to build a reference tensor in Tensorflow |
| CVE-2022-23576 | 2022-02-04 | Integer overflow in Tensorflow |
| CVE-2022-23575 | 2022-02-04 | Integer overflow in Tensorflow |
| CVE-2022-23581 | 2022-02-04 | `CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow |
| CVE-2022-23580 | 2022-02-04 | Abort caused by allocating a vector that is too large in Tensorflow |
| CVE-2022-23579 | 2022-02-04 | `CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow |
| CVE-2022-23585 | 2022-02-04 | Memory leak in decoding PNG images in Tensorflow |
| CVE-2022-23573 | 2022-02-04 | Uninitialized variable access in Tensorflow |
| CVE-2022-23572 | 2022-02-04 | Crash when type cannot be specialized in Tensorflow |
| CVE-2022-23578 | 2022-02-04 | Memory leak in Tensorflow |
| CVE-2022-23577 | 2022-02-04 | Null-dereference in Tensorflow |
| CVE-2022-23566 | 2022-02-04 | Out of bounds write in Tensorflow |
| CVE-2022-23571 | 2022-02-04 | Reachable Assertion in Tensorflow |
| CVE-2022-23574 | 2022-02-04 | Out of bounds read and write in Tensorflow |
| CVE-2022-23560 | 2022-02-04 | Read and Write outside of bounds in TFLite |
| CVE-2022-23559 | 2022-02-04 | Integer overflow in TFLite |
| CVE-2022-23563 | 2022-02-04 | Insecure temporary file in Tensorflow |
| CVE-2022-23562 | 2022-02-04 | Integer overflow in Tensorflow |
| CVE-2022-23565 | 2022-02-04 | `CHECK`-failures in Tensorflow |
| CVE-2022-23564 | 2022-02-04 | Reachable Assertion in Tensorflow |
| CVE-2022-23570 | 2022-02-04 | Null-dereference in Tensorflow |
| CVE-2022-23558 | 2022-02-04 | Integer overflow in TFLite array creation |
| CVE-2022-23557 | 2022-02-04 | Division by zero in TFLite |
| CVE-2022-23561 | 2022-02-04 | Out of bounds write in TFLite |
| CVE-2022-23611 | 2022-02-04 | OS command injection in iTunesRPC-Remastered |
| CVE-2022-23609 | 2022-02-04 | Path traveresal in iTunesRPC-Remastered |
| CVE-2021-36151 | 2022-02-04 | Local Credentials Disclosure Vulnerability |
| CVE-2021-36152 | 2022-02-04 | Insecure TrustManager used in LDAP connections |
| CVE-2022-23805 | 2022-02-04 | A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash... |
| CVE-2022-0481 | 2022-02-04 | NULL Pointer Dereference in mruby/mruby |
| CVE-2022-23913 | 2022-02-04 | Apache ActiveMQ Artemis DoS |
| CVE-2022-0317 | 2022-02-04 | Improper Input Validation in AKPublic.Verify in go-attestation |
| CVE-2013-20003 | 2022-02-04 | Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to... |
| CVE-2018-25029 | 2022-02-04 | The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit... |
| CVE-2021-38960 | 2022-02-04 | IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047. |
| CVE-2021-32036 | 2022-02-04 | Denial of Service and Data Integrity vulnerability in features command |
| CVE-2022-0437 | 2022-02-05 | Cross-site Scripting (XSS) - DOM in karma-runner/karma |
| CVE-2022-0501 | 2022-02-05 | Cross-site Scripting (XSS) - Reflected in ptrofimov/beanstalk_console |
| CVE-2021-38172 | 2022-02-05 | perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.) |
| CVE-2021-41816 | 2022-02-06 | CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long... |
| CVE-2022-0502 | 2022-02-06 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat |
| CVE-2022-23206 | 2022-02-06 | Server-Side Request Forgery in Traffic Ops endpoint POST /user/login/oauth |
| CVE-2022-24552 | 2022-02-06 | A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as... |
| CVE-2022-24551 | 2022-02-06 | A flaw was found in StarWind Stack. The endpoint for setting a new password doesn’t check the current username and old password. An attacker could reset any local user password... |
| CVE-2013-20004 | 2022-02-06 | A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service... |
| CVE-2007-20001 | 2022-02-06 | A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This... |
| CVE-2021-39280 | 2022-02-06 | Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1,... |
| CVE-2022-22831 | 2022-02-06 | An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header. |
| CVE-2022-22832 | 2022-02-06 | An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request. |
| CVE-2022-22833 | 2022-02-06 | An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request. |
| CVE-2021-25095 | 2022-02-07 | IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban |
| CVE-2022-21813 | 2022-02-07 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access... |
| CVE-2022-21814 | 2022-02-07 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write... |
| CVE-2022-21712 | 2022-02-07 | Cookie and header exposure in twisted |
| CVE-2022-22680 | 2022-02-07 | Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2021-43925 | 2022-02-07 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL... |
| CVE-2021-43926 | 2022-02-07 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL... |
| CVE-2021-43927 | 2022-02-07 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL... |
| CVE-2021-43928 | 2022-02-07 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated users... |
| CVE-2021-43929 | 2022-02-07 | Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to... |
| CVE-2022-22679 | 2022-02-07 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary... |
| CVE-2022-23184 | 2022-02-07 | In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects. |
| CVE-2022-0473 | 2022-02-07 | Dynamic field error message is vulnerable to XSS |
| CVE-2022-0474 | 2022-02-07 | Disclosure of mail addresses |
| CVE-2022-23320 | 2022-02-07 | XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and... |
| CVE-2021-46359 | 2022-02-07 | FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks. |
| CVE-2021-46389 | 2022-02-07 | IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv.fcgi through malformed HTTP query parameters. |
| CVE-2021-24839 | 2022-02-07 | SupportCandy < 2.2.5 - Unauthenticated Arbitrary Ticket Deletion |
| CVE-2021-24843 | 2022-02-07 | SupportCandy < 2.2.7 - Arbitrary Ticket Deletion via CSRF |
| CVE-2021-24878 | 2022-02-07 | SupportCandy < 2.2.7 - Reflected Cross-Site Scripting |
| CVE-2021-24879 | 2022-02-07 | SupportCandy < 2.2.7 - CSRF to Cross-Site Scripting |
| CVE-2021-24880 | 2022-02-07 | SupportCandy < 2.2.7 - Contributor+ Stored Cross-Site Scripting |