Security Vulnerabilities - CVEs Published In February 2022
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service.
CVSS Score: 7.5
EPSS Score: 0.01
Published: 2022-02-16
EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2022-02-16
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
CVSS Score: 8.4
EPSS Score: 0.003
Published: 2022-02-16
Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2.
CVSS Score: 8.4
EPSS Score: 0.003
Published: 2022-02-16
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.
CVSS Score: 5.3
EPSS Score: 0.0
Published: 2022-02-16
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVSS Score: 6.7
EPSS Score: 0.003
Published: 2022-02-16
In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery (CSRF).
CVSS Score: 8.8
EPSS Score: 0.009
Published: 2022-02-16
In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF).
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2022-02-16
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVSS Score: 9.8
EPSS Score: 0.133
Published: 2022-02-16
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVSS Score: 9.8
EPSS Score: 0.094
Published: 2022-02-16

