Lista CVE - 2022 / Febbraio
Visualizzazione 1801 - 1900 di 1942 CVE per Febbraio 2022 (Pagina 19 di 20)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2022-21798 | 2022-02-25 | ICSA-22-053-02 GE Proficy CIMPLICITY-Cleartext |
| CVE-2021-26617 | 2022-02-25 | Gabia Firstmall remote code execution vulnerability |
| CVE-2021-22441 | 2022-02-25 | Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. |
| CVE-2021-22478 | 2022-02-25 | The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage. |
| CVE-2021-22479 | 2022-02-25 | The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. |
| CVE-2021-22437 | 2022-02-25 | There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random address access. |
| CVE-2021-22480 | 2022-02-25 | The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow. |
| CVE-2021-22448 | 2022-02-25 | There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files. |
| CVE-2021-22489 | 2022-02-25 | There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability. |
| CVE-2021-37027 | 2022-02-25 | There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2021-22319 | 2022-02-25 | There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows. |
| CVE-2021-22394 | 2022-02-25 | There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration. |
| CVE-2021-22395 | 2022-02-25 | There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-22434 | 2022-02-25 | There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. |
| CVE-2021-22433 | 2022-02-25 | There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. |
| CVE-2021-22431 | 2022-02-25 | There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. |
| CVE-2021-22426 | 2022-02-25 | There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. |
| CVE-2021-22430 | 2022-02-25 | There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection. |
| CVE-2021-22432 | 2022-02-25 | There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. |
| CVE-2021-22429 | 2022-02-25 | There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. |
| CVE-2021-37103 | 2022-02-25 | There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-40043 | 2022-02-25 | The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00). The devices cannot effectively defend against external malicious interference. Attackers need the device to be visually exploitable... |
| CVE-2021-40046 | 2022-02-25 | PCManager versions 11.1.1.95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege. |
| CVE-2021-37504 | 2022-02-25 | A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in... |
| CVE-2021-42244 | 2022-02-25 | A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted title or message in a notification. |
| CVE-2021-44132 | 2022-02-25 | A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1.13_X139 allows attackers to execute arbitrary commands via a crafted file. |
| CVE-2022-25060 | 2022-02-25 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. |
| CVE-2022-25062 | 2022-02-25 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| CVE-2022-25064 | 2022-02-25 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. |
| CVE-2022-25061 | 2022-02-25 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. |
| CVE-2021-42952 | 2022-02-25 | Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context... |
| CVE-2022-25264 | 2022-02-25 | In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. |
| CVE-2022-25263 | 2022-02-25 | JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. |
| CVE-2022-25262 | 2022-02-25 | In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. |
| CVE-2022-25261 | 2022-02-25 | JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. |
| CVE-2021-23495 | 2022-02-25 | Open Redirect |
| CVE-2022-25260 | 2022-02-25 | JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). |
| CVE-2022-25259 | 2022-02-25 | JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. |
| CVE-2022-24442 | 2022-02-25 | JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. |
| CVE-2022-24710 | 2022-02-25 | Cross-site Scripting in Weblate |
| CVE-2022-25094 | 2022-02-25 | Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php. |
| CVE-2022-25095 | 2022-02-25 | Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request. |
| CVE-2022-25096 | 2022-02-25 | Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. |
| CVE-2022-21706 | 2022-02-25 | Multi-use invitations can grant access to other organizations in Zulip |
| CVE-2022-26149 | 2022-02-26 | MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator. |
| CVE-2022-23308 | 2022-02-26 | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. |
| CVE-2021-46702 | 2022-02-26 | Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion... |
| CVE-2020-36516 | 2022-02-26 | An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a... |
| CVE-2022-24986 | 2022-02-26 | KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could... |
| CVE-2022-25359 | 2022-02-26 | On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files. |
| CVE-2022-0762 | 2022-02-26 | Incorrect Authorization in microweber/microweber |
| CVE-2022-0763 | 2022-02-26 | Cross-site Scripting (XSS) - Stored in microweber/microweber |
| CVE-2022-0723 | 2022-02-26 | Cross-site Scripting (XSS) - Reflected in microweber/microweber |
| CVE-2022-0764 | 2022-02-26 | Arbitrary Command Injection in strapi/strapi |
| CVE-2020-27958 | 2022-02-26 | The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template. |
| CVE-2022-26146 | 2022-02-26 | Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker. |
| CVE-2022-22908 | 2022-02-26 | SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields. |
| CVE-2021-3967 | 2022-02-26 | Improper Access Control in zulip/zulip |
| CVE-2021-21708 | 2022-02-27 | UAF due to php_filter_float() failing |
| CVE-2022-0772 | 2022-02-27 | Cross-site Scripting (XSS) - Stored in librenms/librenms |
| CVE-2021-43945 | 2022-02-28 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in... |
| CVE-2022-26159 | 2022-02-28 | The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed... |
| CVE-2020-36510 | 2022-02-28 | 15Zine < 3.3.0 - Reflected Cross-Site Scripting |
| CVE-2021-24688 | 2022-02-28 | Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion |
| CVE-2021-24689 | 2022-02-28 | Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Admin+ Arbitrary System File Read |
| CVE-2021-24704 | 2022-02-28 | Orange Form <= 1.0 - SQL Injection via CSRF |
| CVE-2021-24730 | 2022-02-28 | Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update |
| CVE-2021-24803 | 2022-02-28 | Core Tweaks WP Setup <= 4.1 - Arbitrary Admin Account Creation / Admin Email Update via CSRF |
| CVE-2021-24820 | 2022-02-28 | Cost Calculator <= 1.6 - Authenticated Local File Inclusion |
| CVE-2021-24823 | 2022-02-28 | Support Board < 3.3.6 - Arbitrary File Deletion via CSRF |
| CVE-2021-24864 | 2022-02-28 | WP Cloudy < 4.4.9 - Admin+ SQL Injection |
| CVE-2021-24898 | 2022-02-28 | EditableTable <= 0.1.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24901 | 2022-02-28 | Security Audit <= 1.0.0 - Admin+ Stored Cross Site Scripting |
| CVE-2021-24903 | 2022-02-28 | GRAND FlaGallery <= 6.1.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24913 | 2022-02-28 | Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF |
| CVE-2021-24920 | 2022-02-28 | StatCounter < 2.0.7 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24933 | 2022-02-28 | Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting |
| CVE-2021-24971 | 2022-02-28 | WP Responsive Menu < 3.1.7.1 - Subscriber+ Settings Update to Stored XSS |
| CVE-2021-24977 | 2022-02-28 | Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending |
| CVE-2021-24994 | 2022-02-28 | WPvivid Backup and Migration Plugin < 0.9.69 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2021-25010 | 2022-02-28 | Post Snippets < 3.1.4 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-25011 | 2022-02-28 | WP Google Map < 1.8.1 - Subscriber+ Arbitrary Post Deletion and Plugin's Settings Update |
| CVE-2021-25034 | 2022-02-28 | WP User < 7.0 - Reflected Cross-Site Scripting |
| CVE-2021-25042 | 2022-02-28 | WP Visitor Statistics (Real Time Traffic) < 5.5 - Arbitrary IP Address Exclusion to Stored XSS |
| CVE-2021-25081 | 2022-02-28 | WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF |
| CVE-2021-25112 | 2022-02-28 | WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-25118 | 2022-02-28 | Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure |
| CVE-2021-4222 | 2022-02-28 | WP Paginate < 2.1.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0150 | 2022-02-28 | WP Accessibility Helper (WAH) < 0.6.0.7 - Reflected Cross-Site Scripting (XSS) |
| CVE-2022-0189 | 2022-02-28 | WP RSS Aggregator < 4.20 - Reflected Cross-Site Scripting (XSS) |
| CVE-2022-0328 | 2022-02-28 | Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF |
| CVE-2022-0345 | 2022-02-28 | Better Notifications for WP < 1.8.7 - Email Address Disclosure |
| CVE-2022-0360 | 2022-02-28 | WP Ultimate CSV Importer < 6.4.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0377 | 2022-02-28 | LearnPress < 4.1.5 - Arbitrary Image Renaming |
| CVE-2022-0383 | 2022-02-28 | WP Review Slider < 11.0 - Admin+ SQL Injection |
| CVE-2022-0385 | 2022-02-28 | Crazy Bone <= 0.6.0 - Unauthenticated Stored XSS |
| CVE-2022-0411 | 2022-02-28 | Asgaros Forum < 2.0.0 - Subscriber+ Blind SQL Injection |
| CVE-2022-0412 | 2022-02-28 | TI WooCommerce Wishlist < 1.40.1 - Unauthenticated Blind SQL Injection |
| CVE-2022-23911 | 2022-02-28 | AP Custom Testimonial < 1.4.8 - Admin+ SQL Injection |
| CVE-2022-23912 | 2022-02-28 | AP Custom Testimonial < 1.4.8 - Reflected Cross-Site Scripting |