CVE-2021-33499
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2).
Source: CVE-2021-33499
[월:] 2022년 01월
CVE-2021-32545
CVE-2021-32545
Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation.
Source: CVE-2021-32545
CVE-2020-28919
CVE-2020-28919
A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.
Source: CVE-2020-28919
CVE-2022-23095
CVE-2022-23095
Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process.
Source: CVE-2022-23095
CVE-2022-23178
CVE-2022-23178
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.
Source: CVE-2022-23178
CVE-2021-44049
CVE-2021-44049
CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user’s Temp directory.
Source: CVE-2021-44049
CVE-2021-33963
CVE-2021-33963
China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands.
Source: CVE-2021-33963
CVE-2022-23094
CVE-2022-23094
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.
Source: CVE-2022-23094
CVE-2021-24044
CVE-2021-24044
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0.
Source: CVE-2021-24044
CVE-2021-46168
CVE-2021-46168
Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c.
Source: CVE-2021-46168