CVE-2021-28962
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.
Source: CVE-2021-28962
[월:] 2022년 01월
CVE-2021-46101
CVE-2021-46101
In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly.
Source: CVE-2021-46101
CVE-2020-36056
CVE-2020-36056
Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_55 was discovered to contain a cross-site scripting (XSS) vulnerability via the Ping diagnostic option.
Source: CVE-2020-36056
CVE-2020-36064
CVE-2020-36064
Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised.
Source: CVE-2020-36064
CVE-2021-44255
CVE-2021-44255
Authenticated remote code execution in MotionEye <= 0.42.1 and MotioneEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server.
Source: CVE-2021-44255
CVE-2021-23520
CVE-2021-23520
The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. This vulnerability is triggered when the archive is extracted upon calling uncompressTo() on a ZipFile object.
Source: CVE-2021-23520
CVE-2022-0414
CVE-2022-0414
Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0.
Source: CVE-2022-0414
CVE-2021-23521
CVE-2021-23521
This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic link is followed outside of the target dir allowing writing arbitrary files on the target host. In some cases, this can allow an attacker to execute arbitrary code. The vulnerable code is in the ZipFile::uncompressEntry function in juce_ZipFile.cpp and is executed when the archive is extracted upon calling uncompressTo() on a ZipFile object.
Source: CVE-2021-23521
CVE-2021-45079
CVE-2021-45079
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
Source: CVE-2021-45079
CVE-2022-23409
CVE-2022-23409
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php.
Source: CVE-2022-23409