CVE List - 2022 / February
Showing 1901 - 1942 of 1942 CVEs for February 2022 (Page 20 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-23987 | 2022-02-28 | WS Form < 1.8.176 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-23988 | 2022-02-28 | WS Form < 1.8.176 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2022-0768 | 2022-02-28 | Server-Side Request Forgery (SSRF) in rudloff/alltube |
| CVE-2022-24571 | 2022-02-28 | Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use a simple SQL login injection payload to get admin access. |
| CVE-2022-24572 | 2022-02-28 | Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vulnerability, an admin views the registered user... |
| CVE-2022-24685 | 2022-02-28 | HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6. |
| CVE-2021-43086 | 2022-02-28 | ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in function compress_symbolic_block_for_partition_2planes()... |
| CVE-2021-44334 | 2022-02-28 | David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_jpg_convert_YCbCr_to_RGB() in "/ok_jpg.c:513". |
| CVE-2022-25642 | 2022-02-28 | Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution. |
| CVE-2022-26155 | 2022-02-28 | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body. |
| CVE-2022-26156 | 2022-02-28 | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in... |
| CVE-2021-44339 | 2022-02-28 | David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_transform_scanline() in "/ok_png.c:712". |
| CVE-2022-26157 | 2022-02-28 | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception... |
| CVE-2022-26158 | 2022-02-28 | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious... |
| CVE-2022-24711 | 2022-02-28 | Remote CLI Command Execution Vulnerability in CodeIgniter4 |
| CVE-2021-44340 | 2022-02-28 | David Brackeen ok-file-formats dev version is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_jpg_generate_huffman_table() in "/ok_jpg.c:403". |
| CVE-2022-24712 | 2022-02-28 | Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4 |
| CVE-2021-44342 | 2022-02-28 | David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow via function ok_png_transform_scanline() in "/ok_png.c:494". |
| CVE-2021-44331 | 2022-02-28 | ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise(). |
| CVE-2022-26315 | 2022-02-28 | qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader. |
| CVE-2022-25023 | 2022-02-28 | Audio File commit 004065d was discovered to contain a heap-buffer overflow in the function fouBytesToInt():AudioFile.h. |
| CVE-2022-26181 | 2022-02-28 | Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108. |
| CVE-2020-22844 | 2022-02-28 | A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DoS) via crafted SMB requests. |
| CVE-2020-22845 | 2022-02-28 | A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DoS) via crafted FTP requests. |
| CVE-2022-25013 | 2022-02-28 | Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php. |
| CVE-2022-25014 | 2022-02-28 | Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise... |
| CVE-2022-25015 | 2022-02-28 | A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field. |
| CVE-2021-41111 | 2022-02-28 | Authorization Bypass Through User-Controlled Key in Rundeck |
| CVE-2021-41112 | 2022-02-28 | Missing Authorization in Rundeck |
| CVE-2021-45414 | 2022-02-28 | A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver. |
| CVE-2022-23906 | 2022-02-28 | CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. |
| CVE-2022-23907 | 2022-02-28 | CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. |
| CVE-2022-25028 | 2022-02-28 | Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module. |
| CVE-2022-25407 | 2022-02-28 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. |
| CVE-2022-25408 | 2022-02-28 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. |
| CVE-2022-25409 | 2022-02-28 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. |
| CVE-2022-25410 | 2022-02-28 | Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files. |
| CVE-2022-25411 | 2022-02-28 | A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-25412 | 2022-02-28 | Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admin_page/all-files-update-ajax.php via the dir and deletefile parameters. |
| CVE-2022-25413 | 2022-02-28 | Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3. |
| CVE-2022-0743 | 2022-02-28 | Cross-site Scripting (XSS) - Stored in getgrav/grav |
| CVE-2022-24720 | 2022-03-01 | Improper Input Validation in image_processing |
| CVE-2022-26332 | 2022-03-01 | Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field. |
| CVE-2022-25018 | 2022-03-01 | Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. |
| CVE-2022-25020 | 2022-03-01 | A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post. |
| CVE-2022-25022 | 2022-03-01 | A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content field of a blog post. |
| CVE-2021-42767 | 2022-03-01 | A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17,... |
| CVE-2021-42951 | 2022-03-01 | A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number... |
| CVE-2021-44961 | 2022-03-01 | A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust available memory. An attacker can provide malicious... |
| CVE-2021-44962 | 2022-03-01 | An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can... |
| CVE-2020-12775 | 2022-03-01 | Hicos citizen certificate client-side component - Command Injection |
| CVE-2022-22262 | 2022-03-01 | ROG Live Service of ASUS Armoury Crate & Aura Creator Installer - Improper Link Resolution Before File Access |
| CVE-2022-24446 | 2022-03-01 | An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server... |
| CVE-2021-43619 | 2022-03-01 | Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack... |
| CVE-2021-35036 | 2022-03-01 | A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file. |
| CVE-2021-4039 | 2022-03-01 | A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. |
| CVE-2022-0776 | 2022-03-01 | Cross-site Scripting (XSS) - DOM in hakimel/reveal.js |
| CVE-2022-0777 | 2022-03-01 | Weak Password Recovery Mechanism for Forgotten Password in microweber/microweber |
| CVE-2021-44747 | 2022-03-01 | Denial-of-Service (DoS) Vulnerability |
| CVE-2022-23377 | 2022-03-01 | Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files. |
| CVE-2022-23380 | 2022-03-01 | There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit. |
| CVE-2021-46387 | 2022-03-01 | ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling allows bypassing a security restriction to achieve Cross Site Scripting, which allows an... |
| CVE-2021-44238 | 2022-03-01 | AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php. |
| CVE-2022-23387 | 2022-03-01 | An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field. |
| CVE-2020-4925 | 2022-03-01 | A security vulnerability in Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests, preventing the daemon from servicing other requests. IBM... |
| CVE-2021-38955 | 2022-03-01 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the... |
| CVE-2021-38986 | 2022-03-01 | IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID:... |
| CVE-2022-22321 | 2022-03-01 | IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. |
| CVE-2021-36171 | 2022-03-01 | The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the... |
| CVE-2021-36166 | 2022-03-01 | An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by observing certain system properties. |
| CVE-2021-32586 | 2022-03-01 | An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via... |
| CVE-2021-43075 | 2022-03-01 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version... |
| CVE-2022-22300 | 2022-03-01 | An improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7,... |
| CVE-2021-41193 | 2022-03-01 | Use of Externally-Controlled Format String in wire-avs |
| CVE-2020-15936 | 2022-03-01 | An improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows an attacker to disclose sensitive information via... |
| CVE-2021-43077 | 2022-03-01 | An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2... |
| CVE-2022-24717 | 2022-03-01 | Cross Site Scripting (XSS) in ssr-pages |
| CVE-2022-24718 | 2022-03-01 | Path Traversal in ssr-pages |
| CVE-2022-24719 | 2022-03-01 | Unauthorized forwarding of confidential headers in fluture-node |
| CVE-2022-25010 | 2022-03-01 | The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system. |
| CVE-2021-41652 | 2022-03-01 | Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database. |
| CVE-2022-25012 | 2022-03-01 | Argus Surveillance DVR v4.0 employs weak password encryption. |
| CVE-2021-41282 | 2022-03-01 | diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by... |
| CVE-2022-24251 | 2022-03-01 | Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. |
| CVE-2022-24252 | 2022-03-01 | An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. |
| CVE-2022-24253 | 2022-03-01 | Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. |
| CVE-2022-24254 | 2022-03-01 | An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. |
| CVE-2022-24255 | 2022-03-01 | Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges. |
| CVE-2022-25050 | 2022-03-01 | rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. |
| CVE-2021-45861 | 2022-03-01 | There is an Assertion `num <= INT_BIT' failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277. |
| CVE-2021-45864 | 2022-03-01 | tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp. |
| CVE-2021-45860 | 2022-03-01 | An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-2678966 allows attackers to cause a Denial of Service (DoS) via a crafted file. |
| CVE-2022-25051 | 2022-03-01 | An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file. |
| CVE-2021-45863 | 2022-03-01 | tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp. |
| CVE-2021-23192 | 2022-03-02 | A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker... |
| CVE-2021-23222 | 2022-03-02 | A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. |
| CVE-2021-3631 | 2022-03-02 | A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest,... |
| CVE-2021-3654 | 2022-03-02 | A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. |
| CVE-2021-3677 | 2022-03-02 | A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will.... |
| CVE-2021-3738 | 2022-03-02 | In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb... |