Security Vulnerabilities - CVEs Published In February 2022
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution vulnerability.
CVSS Score
7.3
EPSS Score
0.054
Published
2022-02-16
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-02-16
A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.
CVSS Score
8.8
EPSS Score
0.0
Published
2022-02-16
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-02-16
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-02-16
IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to the lack of binary protection precautions. IBM X-Force ID: 160697.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-02-16
IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive information to a user with physical access to the device. IBM X-Force ID: 161493.
CVSS Score
2.1
EPSS Score
0.001
Published
2022-02-16
IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of the application source code. IBM X-Force ID: 161494.
CVSS Score
2.4
EPSS Score
0.001
Published
2022-02-16
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.
CVSS Score
7.8
EPSS Score
0.007
Published
2022-02-16
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.
CVSS Score
8.8
EPSS Score
0.011
Published
2022-02-16