Lista CVE - 2022 / Febbraio
Visualizzazione 1201 - 1300 di 1942 CVE per Febbraio 2022 (Pagina 13 di 20)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2022-23197 | 2022-02-16 | Adobe Illustrator Out-of-bounds Read could lead to Memory leak |
| CVE-2022-23203 | 2022-02-16 | Adobe Photoshop Buffer Overflow could lead to Arbitrary code execution |
| CVE-2022-23204 | 2022-02-16 | Adobe Premiere Rush JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2022-23200 | 2022-02-16 | Adobe After Effects 3GP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-24086 | 2022-02-16 | Adobe Commerce checkout improper input validation leads to remote code execution |
| CVE-2022-23202 | 2022-02-16 | Adobe Creative Cloud Desktop Uncontrolled Search Path Element Arbitrary code execution |
| CVE-2021-21958 | 2022-02-16 | A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code execution.... |
| CVE-2021-21966 | 2022-02-16 | An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An... |
| CVE-2022-23803 | 2022-02-16 | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon... |
| CVE-2022-23804 | 2022-02-16 | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon... |
| CVE-2022-22945 | 2022-02-16 | VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root. |
| CVE-2019-4291 | 2022-02-16 | IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to the lack of binary protection precautions. IBM X-Force ID: 160697. |
| CVE-2019-4351 | 2022-02-16 | IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive information to a user with physical access to the device. IBM X-Force ID: 161493. |
| CVE-2019-4352 | 2022-02-16 | IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of the application source code. IBM X-Force ID: 161494. |
| CVE-2021-23682 | 2022-02-16 | Prototype Pollution |
| CVE-2022-22853 | 2022-02-16 | A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Name... |
| CVE-2022-23644 | 2022-02-16 | Server-side request forgery in BookWyrm |
| CVE-2021-3760 | 2022-02-16 | A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. |
| CVE-2021-3773 | 2022-02-16 | A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. |
| CVE-2021-3578 | 2022-02-16 | A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end... |
| CVE-2021-3752 | 2022-02-16 | A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw... |
| CVE-2022-25255 | 2022-02-16 | In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the... |
| CVE-2021-3242 | 2022-02-16 | DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=. |
| CVE-2022-25265 | 2022-02-16 | In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This... |
| CVE-2022-24981 | 2022-02-16 | A reflected cross-site scripting (XSS) vulnerability in forms generated by JQueryForm.com before 2022-02-05 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to admin.php. |
| CVE-2022-24982 | 2022-02-16 | Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded string with these credentials. |
| CVE-2022-24983 | 2022-02-16 | Forms generated by JQueryForm.com before 2022-02-05 allow remote attackers to obtain the URI to any uploaded file by capturing the POST response. When chained with CVE-2022-24984, this could lead to... |
| CVE-2022-24984 | 2022-02-16 | Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur... |
| CVE-2022-24985 | 2022-02-16 | Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to bypass authentication and access the administrative section of other forms hosted on the same web server. This is... |
| CVE-2022-22880 | 2022-02-16 | Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId. |
| CVE-2022-22881 | 2022-02-16 | Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData. |
| CVE-2022-22885 | 2022-02-16 | Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation. |
| CVE-2022-23636 | 2022-02-16 | Invalid drop of partially-initialized instances in wasmtime |
| CVE-2022-25270 | 2022-02-16 | The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are... |
| CVE-2021-44731 | 2022-02-17 | snapd could be made to escalate privileges and run programs as administrator |
| CVE-2022-0629 | 2022-02-17 | Stack-based Buffer Overflow in vim/vim |
| CVE-2022-0639 | 2022-02-17 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse |
| CVE-2022-0622 | 2022-02-17 | Generation of Error Message Containing Sensitive Information in snipe/snipe-it |
| CVE-2022-22901 | 2022-02-17 | There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9. |
| CVE-2022-24953 | 2022-02-17 | The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions. |
| CVE-2022-0623 | 2022-02-17 | Out-of-bounds Read in mruby/mruby |
| CVE-2021-46368 | 2022-02-17 | TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges. |
| CVE-2022-23318 | 2022-02-17 | A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attacker to trigger unsafe memory access via a specially crafted PCF font file. This out-of-bound read may lead to an application... |
| CVE-2022-22899 | 2022-02-17 | Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service. |
| CVE-2022-23319 | 2022-02-17 | A segmentation fault during PCF file parsing in pcf2bdf versions >=1.05 allows an attacker to trigger a program crash via a specially crafted PCF font file. This crash affects the... |
| CVE-2022-23632 | 2022-02-17 | Traefik skips the router TLS configuration when the host header is an FQDN |
| CVE-2022-20659 | 2022-02-17 | Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerability |
| CVE-2022-20750 | 2022-02-17 | Cisco Redundancy Configuration Manager for Cisco StarOS Software TCP Denial of Service Vulnerability |
| CVE-2022-20653 | 2022-02-17 | Cisco Email Security Appliance DNS Verification Denial of Service Vulnerability |
| CVE-2021-44868 | 2022-02-17 | A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do |
| CVE-2021-39034 | 2022-02-17 | IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964. |
| CVE-2022-0638 | 2022-02-17 | Cross-Site Request Forgery (CSRF) in microweber/microweber |
| CVE-2022-24683 | 2022-02-17 | HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. |
| CVE-2021-46247 | 2022-02-17 | The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00. |
| CVE-2022-0633 | 2022-02-17 | UpdraftPlus Free < 1.22.3 & Premium < 2.22.3 - Subscriber+ Backup Download |
| CVE-2022-22912 | 2022-02-17 | Prototype pollution vulnerability via .parse() in Plist before v3.0.4 allows attackers to cause a Denial of Service (DoS) and may lead to remote code execution. |
| CVE-2014-8597 | 2022-02-17 | A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel. |
| CVE-2021-45382 | 2022-02-17 | A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L,... |
| CVE-2022-23646 | 2022-02-17 | Improper CSP in Image Optimization API for Next.js |
| CVE-2022-22914 | 2022-02-17 | An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to to view and download content in the upload directory via path traversal. |
| CVE-2021-46314 | 2022-02-17 | A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a... |
| CVE-2022-22916 | 2022-02-17 | O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke. |
| CVE-2021-46315 | 2022-02-17 | Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to use "\ " or backticks in the shell... |
| CVE-2021-46319 | 2022-02-17 | Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters... |
| CVE-2021-3155 | 2022-02-17 | snapd created ~/snap with too-wide permissions |
| CVE-2021-44730 | 2022-02-17 | snapd could be made to escalate privileges and run programs as administrator |
| CVE-2021-4120 | 2022-02-17 | snapd could be made to bypass intended access restrictions through snap content interfaces and layout paths |
| CVE-2021-41599 | 2022-02-17 | Improper control flow in GitHub Enterprise Server hosted Pages leads to remote code execution |
| CVE-2016-2124 | 2022-02-18 | A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication... |
| CVE-2020-25717 | 2022-02-18 | A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. |
| CVE-2020-25718 | 2022-02-18 | A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print... |
| CVE-2020-25719 | 2022-02-18 | A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket... |
| CVE-2020-25722 | 2022-02-18 | Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. |
| CVE-2021-20315 | 2022-02-18 | A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This... |
| CVE-2021-3948 | 2022-02-18 | An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target... |
| CVE-2021-4090 | 2022-02-18 | An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this... |
| CVE-2022-25317 | 2022-02-18 | An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description. |
| CVE-2022-25318 | 2022-02-18 | An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups. |
| CVE-2022-25319 | 2022-02-18 | An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled. |
| CVE-2022-25320 | 2022-02-18 | An issue was discovered in Cerebrate through 1.4. Username enumeration could occur. |
| CVE-2022-25321 | 2022-02-18 | An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component. |
| CVE-2021-4091 | 2022-02-18 | A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly,... |
| CVE-2022-0585 | 2022-02-18 | Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file |
| CVE-2022-22922 | 2022-02-18 | TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges. |
| CVE-2021-46108 | 2022-02-18 | D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration. |
| CVE-2022-25313 | 2022-02-18 | In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. |
| CVE-2022-25315 | 2022-02-18 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. |
| CVE-2022-25314 | 2022-02-18 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. |
| CVE-2020-8107 | 2022-02-18 | Process Control vulnerability in Bitdefender Antivirus Plus |
| CVE-2022-0660 | 2022-02-18 | Generation of Error Message Containing Sensitive Information in microweber/microweber |
| CVE-2021-46372 | 2022-02-18 | Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When writing a Q&A, the markdown editor is vulnerable to a XSS attack when using uppercase letters. |
| CVE-2022-25298 | 2022-02-18 | Path Traversal |
| CVE-2022-25299 | 2022-02-18 | Arbitrary File Write |
| CVE-2022-0451 | 2022-02-18 | Auth bypass in Dark SDK |
| CVE-2022-0631 | 2022-02-18 | Heap-based Buffer Overflow in mruby/mruby |
| CVE-2022-0664 | 2022-02-18 | Use of Hard-coded Cryptographic Key in gravitl/netmaker |
| CVE-2022-23647 | 2022-02-18 | Cross-site Scripting in Prism |
| CVE-2022-0666 | 2022-02-18 | CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in microweber/microweber |
| CVE-2022-25323 | 2022-02-18 | ZEROF Web Server 2.0 allows /admin.back XSS. |
| CVE-2022-25322 | 2022-02-18 | ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. |