Security Vulnerabilities - CVEs Published In February 2022
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are before version 8.21.0.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2022-02-15
NVIDIA License System contains a vulnerability in the installation scripts for the DLS virtual appliance, where a user on a network after signing in to the portal can access other users’ credentials, allowing them to gain escalated privileges, resulting in limited impact to both confidentiality and integrity.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-02-15
Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0.
CVSS Score: 7.1 | EPSS Score: 0.0 | Published: 2022-02-14
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file.
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2022-02-14
Infinite loop in the RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file.
CVSS Score: 6.3 | EPSS Score: 0.0 | Published: 2022-02-14
AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory, which could allow for remote code execution if a compromised DLL were placed in the same folder.
CVSS Score: 7.8 | EPSS Score: 0.007 | Published: 2022-02-14
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.
CVSS Score: 9.8 | EPSS Score: 0.017 | Published: 2022-02-14
The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2022-02-14
The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2022-02-14
njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2022-02-14

