CVE List - 2022 / February
Showing 701 - 800 of 1942 CVEs for February 2022 (Page 8 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-22536 | 2022-02-09 | SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated... |
| CVE-2022-22539 | 2022-02-09 | When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily... |
| CVE-2022-22542 | 2022-02-09 | S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the... |
| CVE-2022-22543 | 2022-02-09 | SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC... |
| CVE-2022-22545 | 2022-02-09 | A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform... |
| CVE-2022-22546 | 2022-02-09 | Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) - version 420. |
| CVE-2022-22544 | 2022-02-09 | Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could... |
| CVE-2021-26613 | 2022-02-09 | tobesoft nexacro arbitrary file creation vulnerability |
| CVE-2022-0162 | 2022-02-09 | Vulnerability in TP-LinK TL-WR841N wireless router |
| CVE-2022-20024 | 2022-02-09 | In system service, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2022-20025 | 2022-02-09 | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2022-20026 | 2022-02-09 | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2022-20027 | 2022-02-09 | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2022-20028 | 2022-02-09 | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2022-20029 | 2022-02-09 | In cmdq driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User... |
| CVE-2022-20030 | 2022-02-09 | In vow driver, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-20031 | 2022-02-09 | In fb driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2022-20032 | 2022-02-09 | In vow driver, there is a possible memory corruption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not... |
| CVE-2022-20017 | 2022-02-09 | In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2022-20033 | 2022-02-09 | In camera driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User... |
| CVE-2022-20034 | 2022-02-09 | In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate validation. This could lead to local escalation of privilege for an attacker who has physical... |
| CVE-2022-20035 | 2022-02-09 | In vcu driver, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-20036 | 2022-02-09 | In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2022-20037 | 2022-02-09 | In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2022-20038 | 2022-02-09 | In ccu driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-20039 | 2022-02-09 | In ccu driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-20040 | 2022-02-09 | In power_hal_manager_service, there is a possible permission bypass due to a stack-based buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2022-20041 | 2022-02-09 | In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2022-20042 | 2022-02-09 | In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not... |
| CVE-2022-20043 | 2022-02-09 | In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2022-20044 | 2022-02-09 | In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2022-20045 | 2022-02-09 | In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2021-26616 | 2022-02-09 | SecuwaySSL OS command injection vulnerability |
| CVE-2022-20046 | 2022-02-09 | In Bluetooth, there is a possible memory corruption due to a logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2022-0530 | 2022-02-09 | A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw... |
| CVE-2022-0529 | 2022-02-09 | A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw... |
| CVE-2022-21825 | 2022-02-09 | An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation. |
| CVE-2021-22954 | 2022-02-09 | A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users. |
| CVE-2022-0554 | 2022-02-10 | Use of Out-of-range Pointer Offset in vim/vim |
| CVE-2022-0558 | 2022-02-10 | Cross-site Scripting (XSS) - Stored in microweber/microweber |
| CVE-2021-25992 | 2022-02-10 | ifme - Insufficient Session Expiration |
| CVE-2021-45901 | 2022-02-10 | The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists. |
| CVE-2022-24111 | 2022-02-10 | In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels... |
| CVE-2021-44892 | 2022-02-10 | A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges. |
| CVE-2021-3398 | 2022-02-10 | Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. |
| CVE-2021-37613 | 2022-02-10 | Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. |
| CVE-2021-31814 | 2022-02-10 | In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. |
| CVE-2021-41445 | 2022-02-10 | A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific... |
| CVE-2022-20749 | 2022-02-10 | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20738 | 2022-02-10 | Cisco Umbrella Secure Web Gateway File Inspection Bypass Vulnerability |
| CVE-2022-20712 | 2022-02-10 | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20711 | 2022-02-10 | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20710 | 2022-02-10 | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20709 | 2022-02-10 | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20708 | 2022-02-10 | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20707 | 2022-02-10 | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20706 | 2022-02-10 | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20705 | 2022-02-10 | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20704 | 2022-02-10 | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20703 | 2022-02-10 | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20702 | 2022-02-10 | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20701 | 2022-02-10 | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20700 | 2022-02-10 | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20699 | 2022-02-10 | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20630 | 2022-02-10 | Cisco DNA Center Information Disclosure Vulnerability |
| CVE-2022-20680 | 2022-02-10 | Cisco Prime Service Catalog Information Disclosure Vulnerability |
| CVE-2021-45357 | 2022-02-10 | Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php. |
| CVE-2022-0011 | 2022-02-10 | PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering |
| CVE-2022-0016 | 2022-02-10 | GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon |
| CVE-2022-0017 | 2022-02-10 | GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation |
| CVE-2022-0018 | 2022-02-10 | GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled |
| CVE-2022-0019 | 2022-02-10 | GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux |
| CVE-2022-0020 | 2022-02-10 | Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface |
| CVE-2022-0021 | 2022-02-10 | GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon |
| CVE-2022-23321 | 2022-02-10 | A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0. |
| CVE-2021-44850 | 2022-02-10 | On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boot image header is unencrypted and... |
| CVE-2021-45364 | 2022-02-10 | A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties... |
| CVE-2022-24568 | 2022-02-10 | Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input. |
| CVE-2022-24916 | 2022-02-10 | Optimism before @eth-optimism/[email protected] allows economic griefing because a balance is duplicated upon contract self-destruction. |
| CVE-2022-23630 | 2022-02-10 | Dependency verification bypass in Gradle |
| CVE-2021-42000 | 2022-02-10 | Ping Identity PingFederate Password Reset and Password Change Mishandling with an authentication policy in parallel reset flows |
| CVE-2021-44969 | 2022-02-10 | Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component. |
| CVE-2021-44970 | 2022-02-10 | MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php. |
| CVE-2022-24646 | 2022-02-10 | Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters. |
| CVE-2022-24647 | 2022-02-10 | Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function. |
| CVE-2021-45386 | 2022-02-11 | tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c |
| CVE-2021-45387 | 2022-02-11 | tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c. |
| CVE-2022-0108 | 2022-02-11 | Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2022-0382 | 2022-02-11 | An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more... |
| CVE-2022-0561 | 2022-02-11 | Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF... |
| CVE-2022-0562 | 2022-02-11 | Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF... |
| CVE-2022-23633 | 2022-02-11 | Exposure of sensitive information in Action Pack |
| CVE-2022-23806 | 2022-02-11 | Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. |
| CVE-2022-23853 | 2022-02-11 | The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given... |
| CVE-2022-24975 | 2022-02-11 | The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely... |
| CVE-2022-23772 | 2022-02-11 | Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. |
| CVE-2022-23773 | 2022-02-11 | cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor... |
| CVE-2022-24955 | 2022-02-11 | Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncontrolled Search Path Element for DLL files. |
| CVE-2022-24954 | 2022-02-11 | Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have a Stack-Based Buffer Overflow related to XFA, for the 'subform colSpan="-2"' and 'draw colSpan="1"' substrings. |
| CVE-2022-24959 | 2022-02-11 | An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. |