CVE List - 2022 / February
Showing 801 - 900 of 1942 CVEs for February 2022 (Page 9 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-24958 | 2022-02-11 | drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. |
| CVE-2022-24961 | 2022-02-11 | In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. |
| CVE-2022-0557 | 2022-02-11 | OS Command Injection in microweber/microweber |
| CVE-2021-30309 | 2022-02-11 | Improper size validation of QXDM commands can lead to memory corruption in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-30317 | 2022-02-11 | Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2021-30318 | 2022-02-11 | Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice &... |
| CVE-2021-30322 | 2022-02-11 | Possible out of bounds write due to improper validation of number of GPIOs configured in an internal parameters array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2021-30323 | 2022-02-11 | Improper validation of maximum size of data write to EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon... |
| CVE-2021-30324 | 2022-02-11 | Possible out of bound write due to lack of boundary check for the maximum size of buffer when sending a DCI packet to remote process in Snapdragon Auto, Snapdragon Compute,... |
| CVE-2021-30325 | 2022-02-11 | Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2021-30326 | 2022-02-11 | Possible assertion due to improper size validation while processing the DownlinkPreemption IE in an RRC Reconfiguration/RRC Setup message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-35068 | 2022-02-11 | Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon... |
| CVE-2021-35069 | 2022-02-11 | Improper validation of data length received from DMA buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon... |
| CVE-2021-35074 | 2022-02-11 | Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-35075 | 2022-02-11 | Possible null pointer dereference due to lack of WDOG structure validation during registration in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-35077 | 2022-02-11 | Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-44521 | 2022-02-11 | Remote code execution for scripted UDFs |
| CVE-2022-24112 | 2022-02-11 | apisix/batch-requests plugin allows overwriting the X-REAL-IP header |
| CVE-2022-24289 | 2022-02-11 | Deserialization of untrusted data in the Hessian Component of Apache Cayenne 4.1 with older Java versions |
| CVE-2021-46355 | 2022-02-11 | OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a... |
| CVE-2022-0560 | 2022-02-11 | Open Redirect in microweber/microweber |
| CVE-2021-38679 | 2022-02-11 | Improper Authentication in Kazoo Server |
| CVE-2021-45402 | 2022-02-11 | The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address... |
| CVE-2020-36062 | 2022-02-11 | Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised. |
| CVE-2020-13668 | 2022-02-11 | Access bypass in Drupal Core 8/9 |
| CVE-2021-45385 | 2022-02-11 | A Null Pointer Dereference vulnerability exists in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out of range, it returns without assign memory... |
| CVE-2020-13669 | 2022-02-11 | Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x... |
| CVE-2020-13672 | 2022-02-11 | Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions... |
| CVE-2020-13673 | 2022-02-11 | The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page... |
| CVE-2020-13675 | 2022-02-11 | Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might... |
| CVE-2020-13674 | 2022-02-11 | The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected... |
| CVE-2020-13670 | 2022-02-11 | Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access... |
| CVE-2020-13676 | 2022-02-11 | The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module... |
| CVE-2021-42940 | 2022-02-11 | A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code. |
| CVE-2020-13677 | 2022-02-11 | Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API... |
| CVE-2021-23597 | 2022-02-11 | Denial of Service (DoS) |
| CVE-2021-44111 | 2022-02-11 | A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup. |
| CVE-2021-31932 | 2022-02-11 | Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by... |
| CVE-2021-4035 | 2022-02-11 | Wocu Monitoring stored Cross-Site Scripting (XSS) |
| CVE-2021-4046 | 2022-02-11 | TCMAN GIM Cross-Site Scripting (XSS) |
| CVE-2022-22291 | 2022-02-11 | Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device. |
| CVE-2022-22292 | 2022-02-11 | Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity. |
| CVE-2022-23425 | 2022-02-11 | Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station. |
| CVE-2022-23426 | 2022-02-11 | A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege. |
| CVE-2022-23427 | 2022-02-11 | PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent. |
| CVE-2022-23428 | 2022-02-11 | An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. |
| CVE-2022-23429 | 2022-02-11 | An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash. |
| CVE-2022-23431 | 2022-02-11 | An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. |
| CVE-2022-23432 | 2022-02-11 | An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. |
| CVE-2022-23433 | 2022-02-11 | Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Android Q(10) allows attackers to register reminders or execute exported... |
| CVE-2022-23434 | 2022-02-11 | A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Android R(11) and below allows attackers to execute privileged action by hijacking and modifying... |
| CVE-2022-23994 | 2022-02-11 | An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. |
| CVE-2022-23995 | 2022-02-11 | Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. |
| CVE-2022-23996 | 2022-02-11 | Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission. |
| CVE-2022-23997 | 2022-02-11 | Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to disable theater mode without a proper permission. |
| CVE-2022-23998 | 2022-02-11 | Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in... |
| CVE-2022-23999 | 2022-02-11 | PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. |
| CVE-2022-24000 | 2022-02-11 | PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. |
| CVE-2022-24001 | 2022-02-11 | Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel. |
| CVE-2022-24002 | 2022-02-11 | Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via PreconditionActivity. |
| CVE-2022-24003 | 2022-02-11 | Exposure of Sensitive Information vulnerability in Bixby Vision prior to version 3.7.50.6 allows attackers to access internal data of Bixby Vision via unprotected intent. |
| CVE-2022-24923 | 2022-02-11 | Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview. |
| CVE-2022-24924 | 2022-02-11 | An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission. |
| CVE-2022-24925 | 2022-02-11 | Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim's devices. |
| CVE-2022-24926 | 2022-02-11 | Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices. |
| CVE-2022-24927 | 2022-02-11 | Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission. |
| CVE-2022-23707 | 2022-02-11 | An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which... |
| CVE-2020-14521 | 2022-02-11 | Mitsubishi Electric Factory Automation Engineering Products Unquoted Search Path or Element |
| CVE-2021-22748 | 2022-02-11 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus... |
| CVE-2020-14523 | 2022-02-11 | Mitsubishi Electric Factory Automation Products Path Traversal |
| CVE-2021-22796 | 2022-02-11 | A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior) |
| CVE-2021-22785 | 2022-02-11 | A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the... |
| CVE-2021-22787 | 2022-02-11 | A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of... |
| CVE-2021-22788 | 2022-02-11 | A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product:... |
| CVE-2021-22798 | 2022-02-11 | A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext ComBox (All Versions) |
| CVE-2021-22806 | 2022-02-11 | A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for... |
| CVE-2021-22801 | 2022-02-11 | A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software... |
| CVE-2021-22802 | 2022-02-11 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed... |
| CVE-2021-22803 | 2022-02-11 | A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to... |
| CVE-2021-22804 | 2022-02-11 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS,... |
| CVE-2021-22805 | 2022-02-11 | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of... |
| CVE-2021-22800 | 2022-02-11 | A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon... |
| CVE-2021-22823 | 2022-02-11 | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of... |
| CVE-2021-22824 | 2022-02-11 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message... |
| CVE-2022-0483 | 2022-02-11 | Local privilege escalation due to insecure folder permissions |
| CVE-2021-39616 | 2022-02-11 | Summary: Product: Android; Versions: Android SoC; Android ID: A-204686438 |
| CVE-2021-39619 | 2022-02-11 | In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation... |
| CVE-2021-39631 | 2022-02-11 | In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information... |
| CVE-2021-39635 | 2022-02-11 | ims_ex is a vendor system service used to manage VoLTE in unisoc devices, but it does not verify the caller's permissions, so that normal apps (No phone permissions) can obtain some VoLTE... |
| CVE-2021-39658 | 2022-02-11 | ismsEx service is a vendor service in unisoc equipment. ismsEx service is an extension of sms system service, but it does not check the permissions of the caller, resulting in permission leaks. Third-party apps... |
| CVE-2021-39662 | 2022-02-11 | In checkUriPermission of MediaProvider.java, there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to... |
| CVE-2021-39663 | 2022-02-11 | In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2021-39664 | 2022-02-11 | In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file... |
| CVE-2021-39665 | 2022-02-11 | In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2021-39666 | 2022-02-11 | In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-39668 | 2022-02-11 | In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System... |
| CVE-2021-39669 | 2022-02-11 | In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead a user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege... |
| CVE-2021-39671 | 2022-02-11 | In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User... |
| CVE-2021-39674 | 2022-02-11 | In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file, there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction... |
| CVE-2021-39675 | 2022-02-11 | In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution... |