Security Vulnerabilities - CVEs Published In February 2022
A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attacker to trigger unsafe memory access via a specially crafted PCF font file. This out-of-bound read may lead to an application crash, information disclosure via program memory or other context-dependent impact.
CVSS Score: 7.1
EPSS Score: 0.002
Published: 2022-02-17
TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2022-02-17
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSS Score: 8.4
EPSS Score: 0.017
Published: 2022-02-17
Out-of-bounds Read in Homebrew mruby prior to 3.2.
CVSS Score: 6.5
EPSS Score: 0.004
Published: 2022-02-17
The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.
CVSS Score: 5.3
EPSS Score: 0.004
Published: 2022-02-17
There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9.
CVSS Score: 5.5
EPSS Score: 0.002
Published: 2022-02-17
Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2022-02-17
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2022-02-17
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2022-02-16
Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content (e.g., .phtml or .php.bak) is blocked.
CVSS Score: 9.8
EPSS Score: 0.024
Published: 2022-02-16

