Security Vulnerabilities - CVEs Published In February 2022
Due to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14 , an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM X-Force ID: 215593.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-02-14
An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-02-14
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service.
CVSS Score
7.5
EPSS Score
0.027
Published
2022-02-14
antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to some interfaces in the foreground leads to leakage of sensitive information.
CVSS Score
7.5
EPSS Score
0.076
Published
2022-02-14
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
CVSS Score
8.8
EPSS Score
0.0
Published
2022-02-14
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced
CVSS Score
9.8
EPSS Score
0.808
Published
2022-02-14
Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-14
HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6
CVSS Score
5.9
EPSS Score
0.004
Published
2022-02-14
Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-02-14
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.
CVSS Score
9.1
EPSS Score
0.001
Published
2022-02-14