Lista CVE - 2022 / Febbraio
Visualizzazione 201 - 300 di 1942 CVE per Febbraio 2022 (Pagina 3 di 20)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2021-45992 | 2022-02-04 | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetQvlanList. This vulnerability allows attackers to cause a Denial of Service (DoS) via the... |
| CVE-2021-45991 | 2022-02-04 | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows attackers to cause a Denial of Service (DoS) via the... |
| CVE-2021-45989 | 2022-02-04 | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the... |
| CVE-2021-45990 | 2022-02-04 | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter. |
| CVE-2021-45988 | 2022-02-04 | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDnsForward. This vulnerability allows attackers to cause a Denial of Service (DoS) via the... |
| CVE-2021-45987 | 2022-02-04 | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter. |
| CVE-2021-45986 | 2022-02-04 | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter. |
| CVE-2021-45741 | 2022-02-04 | TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4 parameters. |
| CVE-2021-45742 | 2022-02-04 | TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. |
| CVE-2021-45740 | 2022-02-04 | TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter. |
| CVE-2021-45738 | 2022-02-04 | TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName. |
| CVE-2021-45739 | 2022-02-04 | TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter. |
| CVE-2021-45737 | 2022-02-04 | TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter. |
| CVE-2021-45736 | 2022-02-04 | TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server... |
| CVE-2021-45735 | 2022-02-04 | TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software. |
| CVE-2021-45734 | 2022-02-04 | TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter. |
| CVE-2021-44882 | 2022-02-04 | D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. |
| CVE-2021-45733 | 2022-02-04 | TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time. |
| CVE-2021-44881 | 2022-02-04 | D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. |
| CVE-2021-44880 | 2022-02-04 | D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted... |
| CVE-2021-44246 | 2022-02-04 | Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service... |
| CVE-2021-44247 | 2022-02-04 | Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the... |
| CVE-2021-44899 | 2022-02-04 | Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by... |
| CVE-2021-44900 | 2022-02-04 | Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys drivers components. All the vulnerabilities are triggered by sending specific... |
| CVE-2021-44901 | 2022-02-04 | Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are... |
| CVE-2021-44903 | 2022-02-04 | Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are... |
| CVE-2022-23316 | 2022-02-04 | An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt. |
| CVE-2021-46320 | 2022-02-04 | In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call.... |
| CVE-2021-44983 | 2022-02-04 | In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column. |
| CVE-2021-44886 | 2022-02-04 | In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket... |
| CVE-2021-43145 | 2022-02-04 | With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts. |
| CVE-2021-46398 | 2022-02-04 | A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious... |
| CVE-2021-44978 | 2022-02-04 | iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution. |
| CVE-2021-44977 | 2022-02-04 | In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. |
| CVE-2022-24259 | 2022-02-04 | An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request. |
| CVE-2022-24260 | 2022-02-04 | A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. |
| CVE-2022-24262 | 2022-02-04 | The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in... |
| CVE-2021-43635 | 2022-02-04 | A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a... |
| CVE-2021-45429 | 2022-02-04 | A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service. |
| CVE-2022-24249 | 2022-02-04 | A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871. |
| CVE-2021-29393 | 2022-02-04 | Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled... |
| CVE-2021-29394 | 2022-02-04 | Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization... |
| CVE-2021-29395 | 2022-02-04 | Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host... |
| CVE-2021-29396 | 2022-02-04 | Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication. |
| CVE-2021-29397 | 2022-02-04 | Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transmitted in cleartext over HTTP. |
| CVE-2021-29398 | 2022-02-04 | Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of the... |
| CVE-2022-24129 | 2022-02-04 | The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary... |
| CVE-2021-45408 | 2022-02-04 | Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which llows remote malicious users to redirect users to malicious sites using the "referuri" parameter. |
| CVE-2022-24448 | 2022-02-04 | An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular... |
| CVE-2021-23497 | 2022-02-04 | Prototype Pollution |
| CVE-2021-23470 | 2022-02-04 | Prototype Pollution |
| CVE-2021-23507 | 2022-02-04 | Prototype Pollution |
| CVE-2021-46671 | 2022-02-04 | options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client. |
| CVE-2022-24348 | 2022-02-04 | Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able... |
| CVE-2022-23329 | 2022-02-04 | A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. |
| CVE-2022-23330 | 2022-02-04 | A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package. |
| CVE-2021-32732 | 2022-02-04 | Cross-Site Request Forgery in xwiki-platform |
| CVE-2022-23379 | 2022-02-04 | Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid(). |
| CVE-2022-23614 | 2022-02-04 | Code injection in Twig |
| CVE-2022-23946 | 2022-02-04 | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file... |
| CVE-2022-23947 | 2022-02-04 | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file... |
| CVE-2021-21969 | 2022-02-04 | An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [4] the json_object_get_string to populate the p_payload global variable.... |
| CVE-2021-21970 | 2022-02-04 | An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [3] the json_object_get_string to populate the p_name global variable.... |
| CVE-2021-21963 | 2022-02-04 | An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An... |
| CVE-2021-21971 | 2022-02-04 | An out-of-bounds write vulnerability exists in the URL_decode functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to an out-of-bounds write. An attacker can perform... |
| CVE-2021-21960 | 2022-02-04 | A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker... |
| CVE-2021-21961 | 2022-02-04 | A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can... |
| CVE-2021-21964 | 2022-02-04 | A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can... |
| CVE-2021-21965 | 2022-02-04 | A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker... |
| CVE-2021-40420 | 2022-02-04 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead... |
| CVE-2022-22150 | 2022-02-04 | A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the... |
| CVE-2021-21959 | 2022-02-04 | A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads to control of device functionality. |
| CVE-2021-21968 | 2022-02-04 | A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker... |
| CVE-2021-21962 | 2022-02-04 | A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code... |
| CVE-2020-12891 | 2022-02-04 | AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in... |
| CVE-2020-12966 | 2022-02-04 | AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker... |
| CVE-2020-12965 | 2022-02-04 | When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage. |
| CVE-2022-22939 | 2022-02-04 | VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on... |
| CVE-2021-29218 | 2022-02-04 | A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a... |
| CVE-2021-29219 | 2022-02-04 | A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. HPE has made the following software update to resolve the... |
| CVE-2021-44779 | 2022-02-04 | WordPress [GWA] AutoResponder plugin <= 2.3 - Unauthenticated SQL Injection (SQLi) vulnerability |
| CVE-2021-4154 | 2022-02-04 | A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting... |
| CVE-2021-22286 | 2022-02-04 | SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module |
| CVE-2021-22288 | 2022-02-04 | SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module |
| CVE-2021-22285 | 2022-02-04 | SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module |
| CVE-2022-0484 | 2022-02-04 | Improper URL Validation causes Mirantis Container Cloud Lens Extension to open external programs |
| CVE-2022-0487 | 2022-02-04 | A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This... |
| CVE-2021-22284 | 2022-02-04 | SECURITY - OPC Server for AC 800M - Remote Code Execution Vulnerability |
| CVE-2021-38130 | 2022-02-04 | A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage... |
| CVE-2022-0218 | 2022-02-04 | WP HTML Mail <= 3.0.9 Missing Authorization on REST-API Route |
| CVE-2022-0380 | 2022-02-04 | Fotobook <= 3.2.3 Reflected Cross-Site Scripting |
| CVE-2022-0381 | 2022-02-04 | Embed Swagger <= 1.0.0 Reflected Cross-Site Scripting |
| CVE-2022-23980 | 2022-02-04 | WordPress Yasr – Yet Another Stars Rating plugin <= 2.9.9 - Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-22689 | 2022-02-04 | CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user... |
| CVE-2021-28503 | 2022-02-04 | In Arista's EOS software affected releases, eAPI might skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. |
| CVE-2022-0365 | 2022-02-04 | Ricon Mobile, Inc. |
| CVE-2022-22987 | 2022-02-04 | Advantech ADAM-3600 |
| CVE-2022-24113 | 2022-02-04 | Local privilege escalation due to excessive permissions assigned to child processes |
| CVE-2022-24115 | 2022-02-04 | Local privilege escalation due to unrestricted loading of unsigned libraries |
| CVE-2021-44205 | 2022-02-04 | Local privilege escalation due to DLL hijacking vulnerability |