Security Vulnerabilities - CVEs Published In February 2022
In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-04
iCMS <= 8.0.0 allows users to add and render a custom template, which has an SSTI vulnerability that causes remote code execution.
CVSS Score
9.8
EPSS Score
0.027
Published
2022-02-04
A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE.
CVSS Score
8.8
EPSS Score
0.092
Published
2022-02-04
With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts.
CVSS Score
8.1
EPSS Score
0.004
Published
2022-02-04
In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-02-04
In taocms 3.0.1, after logging in to the background, there is an arbitrary file download vulnerability in the File Management column.
CVSS Score
4.9
EPSS Score
0.006
Published
2022-02-04
Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys driver components. All the vulnerabilities are triggered by sending specific IOCTL requests.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-02-04
In OpenZeppelin <=v4.4.0, initializer functions that are invoked separately from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-02-04
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that allows reading any file via admin.php?action=file&ctrl=download&path=../../1.txt.
CVSS Score
4.9
EPSS Score
0.003
Published
2022-02-04
Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys driver components. All the vulnerabilities are triggered by sending specific IOCTL requests.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-02-04

