Security Vulnerabilities - CVEs Published In February 2022
The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-02-25
Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-service condition on the system.
CVSS Score
5.9
EPSS Score
0.004
Published
2022-02-25
A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name.
CVSS Score
6.1
EPSS Score
0.007
Published
2022-02-25
The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00). The devices cannot effectively defend against external malicious interference. Attackers need the device to be visually exploitable and successful triggering of this vulnerability could execute voice commands on the device.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-02-25
PCManager versions 11.1.1.95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-02-25
A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted title or message in a notification.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-02-25
The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-02-25
The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-02-25
There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-02-25
This issues due to insufficient verification of the various input values from user’s input. The vulnerability allows remote attackers to execute malicious code in Firstmall via navercheckout_add function.
CVSS Score
8.1
EPSS Score
0.007
Published
2022-02-25