CVE List - 2022 / February
Showing 1701 - 1800 of 1942 CVEs for February 2022 (Page 18 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-0695 | 2022-02-24 | Denial of Service in radareorg/radare2 |
| CVE-2022-24613 | 2022-02-24 | metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a... |
| CVE-2022-24614 | 2022-02-24 | When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very... |
| CVE-2022-24615 | 2022-02-24 | zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a... |
| CVE-2022-24687 | 2022-02-24 | HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can... |
| CVE-2022-0732 | 2022-02-24 | The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability. |
| CVE-2022-22794 | 2022-02-24 | Cybonet - PineApp Mail Relay Unauthenticated SQL Injection |
| CVE-2022-22793 | 2022-02-24 | Cybonet - PineApp Mail Relay Local File Inclusion |
| CVE-2021-38994 | 2022-02-24 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force... |
| CVE-2021-38995 | 2022-02-24 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force... |
| CVE-2021-39038 | 2022-02-24 | IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a... |
| CVE-2022-22349 | 2022-02-24 | IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating REST API configuration data. An authorized user could import invalid data which... |
| CVE-2022-24232 | 2022-02-24 | A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-25003 | 2022-02-24 | Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/view_doctor.php. |
| CVE-2022-25004 | 2022-02-24 | Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/manage_doctor.php. |
| CVE-2022-23135 | 2022-02-24 | There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could... |
| CVE-2020-14504 | 2022-02-24 | The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the... |
| CVE-2020-14502 | 2022-02-24 | The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could... |
| CVE-2022-23922 | 2022-02-24 | WIN-911 2021 Incorrect Default Permissions |
| CVE-2022-23104 | 2022-02-24 | WIN-911 2021 Incorrect Default Permissions |
| CVE-2021-44531 | 2022-02-24 | Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3,... |
| CVE-2021-44532 | 2022-02-24 | Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when... |
| CVE-2021-44533 | 2022-02-24 | Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that... |
| CVE-2022-0653 | 2022-02-24 | Profile Builder – User Profile & User Registration Forms <= 3.6.1 Reflected Cross-Site Scripting |
| CVE-2022-0710 | 2022-02-24 | Header Footer Code Manager <= 1.1.16 Reflected XSS |
| CVE-2022-0651 | 2022-02-24 | WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via current_page_type |
| CVE-2022-0683 | 2022-02-24 | Essential Addons for Elementor Lite <= 5.0.8 Reflected Cross-Site Scripting |
| CVE-2022-25149 | 2022-02-24 | WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via IP |
| CVE-2022-25306 | 2022-02-24 | WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via browser |
| CVE-2022-25305 | 2022-02-24 | WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via IP |
| CVE-2022-25307 | 2022-02-24 | WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via platform |
| CVE-2020-14478 | 2022-02-24 | Improper Restriction of XML External Entity Reference (CWE-611) |
| CVE-2020-14481 | 2022-02-24 | The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows... |
| CVE-2020-14480 | 2022-02-24 | Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials. |
| CVE-2022-0544 | 2022-02-24 | An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw... |
| CVE-2022-0545 | 2022-02-24 | An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code... |
| CVE-2022-0546 | 2022-02-24 | A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or... |
| CVE-2020-10635 | 2022-02-24 | ICSA-20-098-05 KUKA.Sim Pro Improper Enforcement of Message Integrity During Transmission in a Communication Channel |
| CVE-2021-4021 | 2022-02-24 | A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can... |
| CVE-2020-10632 | 2022-02-24 | ICSA-20-140-02 Emerson OpenEnterprise |
| CVE-2020-10640 | 2022-02-24 | ICSA-20-140-02 Emerson OpenEnterprise |
| CVE-2020-10636 | 2022-02-24 | ICSA-20-140-02 Emerson OpenEnterprise |
| CVE-2021-3700 | 2022-02-24 | A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the... |
| CVE-2021-3607 | 2022-02-24 | An integer overflow was found in the QEMU implementation of VMware's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest... |
| CVE-2021-3608 | 2022-02-24 | A flaw was found in the QEMU implementation of VMware's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and... |
| CVE-2021-44662 | 2022-02-24 | A Cross-Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte through 3.8.4 via the link parameter in print.php. |
| CVE-2021-44663 | 2022-02-24 | A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted PHP file through elfinder in connetor.php. |
| CVE-2022-24709 | 2022-02-24 | Cross site scripting in @awsui/components-react |
| CVE-2021-44664 | 2022-02-24 | An Authenticated Remote Code Execution (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file through the project interface disguised as a language file... |
| CVE-2021-44665 | 2022-02-24 | A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php. |
| CVE-2021-43745 | 2022-02-24 | A Denial of Service vulnerability exists in Trilium Notes 0.48.6 in the setupPage function |
| CVE-2021-29216 | 2022-02-24 | A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global... |
| CVE-2021-29217 | 2022-02-24 | A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global... |
| CVE-2022-23701 | 2022-02-24 | A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. This vulnerability could be remotely exploited to... |
| CVE-2021-29220 | 2022-02-24 | Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute... |
| CVE-2021-39364 | 2022-02-24 | Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved. |
| CVE-2021-39363 | 2022-02-24 | Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved. |
| CVE-2022-23835 | 2022-02-25 | The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing... |
| CVE-2021-34359 | 2022-02-25 | Stored XSS Vulnerability in Proxy Server |
| CVE-2021-34361 | 2022-02-25 | Reflected XSS Vulnerability in Proxy Server |
| CVE-2021-45229 | 2022-02-25 | Apache Airflow: Reflected XSS via Origin Query Argument in URL |
| CVE-2022-24288 | 2022-02-25 | Apache Airflow: RCE in example DAGs |
| CVE-2022-24947 | 2022-02-25 | Apache JSPWiki CSRF Account Takeover |
| CVE-2022-24948 | 2022-02-25 | Apache JSPWiki Cross-site scripting vulnerability on User Preferences screen |
| CVE-2022-0746 | 2022-02-25 | Business Logic Errors in dolibarr/dolibarr |
| CVE-2022-25326 | 2022-02-25 | Denial of Service in fscrypt |
| CVE-2022-25327 | 2022-02-25 | Local Denial of Service in fscrypt PAM module |
| CVE-2022-25328 | 2022-02-25 | Privilege escalation through command injection in fscrypt |
| CVE-2022-0247 | 2022-02-25 | Write access to VMO data through copy-on-write in Fuchsia |
| CVE-2022-24612 | 2022-02-25 | An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS. |
| CVE-2022-24594 | 2022-02-25 | In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address. |
| CVE-2022-25374 | 2022-02-25 | HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1. |
| CVE-2022-24327 | 2022-02-25 | In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. |
| CVE-2022-24328 | 2022-02-25 | In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. |
| CVE-2022-24329 | 2022-02-25 | In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. |
| CVE-2022-24330 | 2022-02-25 | In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. |
| CVE-2022-24331 | 2022-02-25 | In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. |
| CVE-2022-24332 | 2022-02-25 | In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie. |
| CVE-2022-24333 | 2022-02-25 | In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. |
| CVE-2022-24334 | 2022-02-25 | In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. |
| CVE-2022-24335 | 2022-02-25 | JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC. |
| CVE-2022-24336 | 2022-02-25 | In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. |
| CVE-2022-24337 | 2022-02-25 | In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. |
| CVE-2022-24338 | 2022-02-25 | JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. |
| CVE-2022-24339 | 2022-02-25 | JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. |
| CVE-2022-24340 | 2022-02-25 | In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. |
| CVE-2022-24341 | 2022-02-25 | In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user. |
| CVE-2022-24342 | 2022-02-25 | In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. |
| CVE-2022-24343 | 2022-02-25 | In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. |
| CVE-2022-24344 | 2022-02-25 | JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. |
| CVE-2022-24345 | 2022-02-25 | In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible. |
| CVE-2022-24346 | 2022-02-25 | In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. |
| CVE-2022-24347 | 2022-02-25 | JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. |
| CVE-2021-45977 | 2022-02-25 | JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm... |
| CVE-2021-38993 | 2022-02-25 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force... |
| CVE-2022-0615 | 2022-02-25 | Use-after-free vulnerability in ESET products for Linux |
| CVE-2022-23985 | 2022-02-25 | ICSA-22-055-01 FATEK Automation FvDesigner |
| CVE-2022-21209 | 2022-02-25 | ICSA-22-055-01 FATEK Automation FvDesigner |
| CVE-2022-25170 | 2022-02-25 | ICSA-22-055-01 FATEK Automation FvDesigner |
| CVE-2022-23921 | 2022-02-25 | ICSA-22-053-01 GE Proficy CIMPLICITY-IPM |