Security Vulnerabilities - CVEs Published In February 2022
There is an arbitrary address access vulnerability with the product line test code.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-02-09
There is a vulnerability of unstrict input parameter verification in the audio assembly.Successful exploitation of this vulnerability may cause out-of-bounds access.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-02-09
There is a race condition vulnerability in the binder driver subsystem in the kernel.Successful exploitation of this vulnerability may affect kernel stability.
CVSS Score
4.7
EPSS Score
0.0
Published
2022-02-09
There is a permission verification vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may cause unauthorized operations.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-02-09
There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-02-09
Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-02-09
The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface.
CVSS Score
8.4
EPSS Score
0.002
Published
2022-02-09
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
CVSS Score
7.5
EPSS Score
0.018
Published
2022-02-09
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
CVSS Score
5.5
EPSS Score
0.002
Published
2022-02-09
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
CVSS Score
5.5
EPSS Score
0.002
Published
2022-02-09