CVE List - 2022 / February
Showing 401 - 500 of 1942 CVEs for February 2022 (Page 5 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-24928 | 2022-02-07 | Rearrange Woocommerce Products < 3.0.8 - Subscriber+ SQL Injection |
| CVE-2021-24947 | 2022-02-07 | RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read |
| CVE-2021-24993 | 2022-02-07 | Ultimate Product Catalog < 5.0.26 - Subscriber+ Arbitrary Product Creation & Settings Update |
| CVE-2021-25004 | 2022-02-07 | SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download |
| CVE-2021-25029 | 2022-02-07 | Cluevo < 1.8.1 - Admin+ Stored Cross Site Scripting |
| CVE-2021-25077 | 2022-02-07 | Store Toolkit for WooCommerce < 2.3.2 - Reflected Cross-Site Scripting |
| CVE-2021-25084 | 2022-02-07 | Advanced Cron Manager - Subscriber+ Arbitrary Events/Schedules Creation/Deletion |
| CVE-2021-25096 | 2022-02-07 | IP2Location Country Blocker < 2.26.5 - Ban Bypass |
| CVE-2021-25103 | 2022-02-07 | GTranslate < 2.9.7 - Reflected Cross-Site Scripting |
| CVE-2021-25105 | 2022-02-07 | Ivory Search < 5.4.1 - Multiple Admin+ Stored Cross-Site Scripting |
| CVE-2021-25106 | 2022-02-07 | WPLegalPages < 2.7.1 - Subscriber+ Arbitrary Settings Update to Stored XSS |
| CVE-2021-25108 | 2022-02-07 | IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF |
| CVE-2021-25114 | 2022-02-07 | Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection |
| CVE-2022-0148 | 2022-02-07 | All-in-one Floating Contact Form < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS) |
| CVE-2022-0149 | 2022-02-07 | WooCommerce – Store Exporter < 2.7.1 - Reflected Cross-Site Scripting (XSS) |
| CVE-2022-23261 | 2022-02-07 | Microsoft Edge (Chromium-based) Tampering Vulnerability |
| CVE-2022-23262 | 2022-02-07 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-23263 | 2022-02-07 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-22931 | 2022-02-07 | Path traversal in Apache James 3.6.1 |
| CVE-2021-42833 | 2022-02-07 | Use of hardcoded credentials impacting AquaView versions 1.60, 7.x, 8.x |
| CVE-2022-21815 | 2022-02-07 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user... |
| CVE-2022-21816 | 2022-02-07 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading... |
| CVE-2021-45281 | 2022-02-07 | QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user supplied input for the value of this parameter is not properly sanitized. |
| CVE-2022-23613 | 2022-02-07 | Privilege escalation on xrdp |
| CVE-2021-3835 | 2022-02-07 | Buffer overflow in usb device class |
| CVE-2021-3861 | 2022-02-07 | The RNDIS USB device class includes a buffer overflow vulnerability |
| CVE-2022-23624 | 2022-02-07 | Validation bypass in frourio-express |
| CVE-2022-23623 | 2022-02-07 | Validation bypass in frourio |
| CVE-2022-0523 | 2022-02-08 | Use After Free in radareorg/radare2 |
| CVE-2022-24450 | 2022-02-08 | NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature. |
| CVE-2022-0506 | 2022-02-08 | Cross-site Scripting (XSS) - Stored in microweber/microweber |
| CVE-2022-0505 | 2022-02-08 | Cross-Site Request Forgery (CSRF) in microweber/microweber |
| CVE-2022-0504 | 2022-02-08 | Generation of Error Message Containing Sensitive Information in microweber/microweber |
| CVE-2021-20877 | 2022-02-08 | Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW)... |
| CVE-2022-21173 | 2022-02-08 | Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05... |
| CVE-2022-21193 | 2022-02-08 | Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to obtain an arbitrary file on the server via unspecified vectors. |
| CVE-2022-21241 | 2022-02-08 | Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that... |
| CVE-2022-21799 | 2022-02-08 | Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors. |
| CVE-2022-21805 | 2022-02-08 | Reflected cross-site scripting vulnerability in the attached file name of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2022-22142 | 2022-02-08 | Reflected cross-site scripting vulnerability in the checkbox of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2022-22146 | 2022-02-08 | Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2022-0508 | 2022-02-08 | Server-Side Request Forgery (SSRF) in chocobozzz/peertube |
| CVE-2022-0509 | 2022-02-08 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2022-23331 | 2022-02-08 | In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password. |
| CVE-2022-23340 | 2022-02-08 | Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results. |
| CVE-2021-44957 | 2022-02-08 | Global buffer overflow vulnerability exists in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. An issue in the jfif_encode function at ffjpeg/src/jfif.c (line 708) could cause a Denial of Service... |
| CVE-2021-44956 | 2022-02-08 | Two Heap based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23852. Issues that are in the jfif_decode function at ffjpeg/src/jfif.c (line 552) could cause a... |
| CVE-2022-0510 | 2022-02-08 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore |
| CVE-2021-44864 | 2022-02-08 | TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter. |
| CVE-2021-45325 | 2022-02-08 | Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL. |
| CVE-2021-45326 | 2022-02-08 | Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes. This can be dangerous especially with state altering POST requests. |
| CVE-2021-45327 | 2022-02-08 | Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API, which could let a remote malicious user execute... |
| CVE-2021-45328 | 2022-02-08 | Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs. |
| CVE-2022-0139 | 2022-02-08 | Use After Free in radareorg/radare2 |
| CVE-2022-21702 | 2022-02-08 | Cross site scripting in Grafana proxy |
| CVE-2022-0518 | 2022-02-08 | Heap-based Buffer Overflow in radareorg/radare2 |
| CVE-2022-0519 | 2022-02-08 | Buffer Access with Incorrect Length Value in radareorg/radare2 |
| CVE-2022-21703 | 2022-02-08 | Cross Site Request Forgery in Grafana |
| CVE-2022-0520 | 2022-02-08 | Use After Free in radareorg/radare2 |
| CVE-2022-0521 | 2022-02-08 | Access of Memory Location After End of Buffer in radareorg/radare2 |
| CVE-2022-21713 | 2022-02-08 | Exposure of Sensitive Information in Grafana |
| CVE-2022-0522 | 2022-02-08 | Access of Memory Location Before Start of Buffer in radareorg/radare2 |
| CVE-2022-23626 | 2022-02-08 | Insufficient file checks in m1k1o/blog |
| CVE-2022-0524 | 2022-02-08 | Business Logic Errors in publify/publify |
| CVE-2021-45329 | 2022-02-08 | Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field. |
| CVE-2021-45919 | 2022-02-08 | Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. |
| CVE-2022-23627 | 2022-02-08 | Inadequate access verification when using proxy commands in ArchiSteamFarm |
| CVE-2022-24677 | 2022-02-08 | Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php. |
| CVE-2022-24676 | 2022-02-08 | update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive. |
| CVE-2021-46360 | 2022-02-09 | Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr. |
| CVE-2022-22807 | 2022-02-09 | A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use... |
| CVE-2022-22808 | 2022-02-09 | A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site... |
| CVE-2022-22809 | 2022-02-09 | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations.... |
| CVE-2022-0391 | 2022-02-09 | A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does... |
| CVE-2022-24682 | 2022-02-09 | An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker... |
| CVE-2022-0525 | 2022-02-09 | Out-of-bounds Read in mruby/mruby |
| CVE-2022-0526 | 2022-02-09 | Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot |
| CVE-2022-0527 | 2022-02-09 | Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot |
| CVE-2022-24694 | 2022-02-09 | In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders.... |
| CVE-2021-37852 | 2022-02-09 | LPE in ESET products for Windows |
| CVE-2022-0536 | 2022-02-09 | Improper Removal of Sensitive Information Before Storage or Transfer in follow-redirects/follow-redirects |
| CVE-2021-40837 | 2022-02-09 | Denial-of-Service (DoS) Vulnerability |
| CVE-2021-25939 | 2022-02-09 | ArangoDB - Blind SSRF when Downloading Foxx Service from URL |
| CVE-2022-23378 | 2022-02-09 | A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "items%5B0%5D%5Bpath%5D" parameter of a request made to /admin/allergens/edit/1 is vulnerable. |
| CVE-2021-46354 | 2022-02-09 | Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to... |
| CVE-2022-0538 | 2022-02-09 | Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage. |
| CVE-2022-0539 | 2022-02-09 | Cross-site Scripting (XSS) - Stored in ptrofimov/beanstalk_console |
| CVE-2021-3813 | 2022-02-09 | Improper Privilege Management in chatwoot/chatwoot |
| CVE-2021-37185 | 2022-02-09 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >=... |
| CVE-2021-37194 | 2022-02-09 | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4... |
| CVE-2021-37204 | 2022-02-09 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU... |
| CVE-2021-37205 | 2022-02-09 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >=... |
| CVE-2021-40360 | 2022-02-09 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15... |
| CVE-2021-40363 | 2022-02-09 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15... |
| CVE-2021-44000 | 2022-02-09 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions... |
| CVE-2021-44016 | 2022-02-09 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions... |
| CVE-2021-44018 | 2022-02-09 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions... |
| CVE-2021-45106 | 2022-02-09 | A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use a circumventable access control within a database service. This could allow an attacker to access the... |
| CVE-2021-46151 | 2022-02-09 | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated... |
| CVE-2021-46152 | 2022-02-09 | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU files. This could allow... |