CVE-2021-23484
The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) which can lead to an extraction of a crafted file outside the intended extraction directory.
Source: CVE-2021-23484
[월:] 2022년 01월
CVE-2021-23558
CVE-2021-23558
The package bmoor before 0.10.1 are vulnerable to Prototype Pollution due to missing sanitization in set function. **Note:** This vulnerability derives from an incomplete fix in [CVE-2020-7736](https://security.snyk.io/vuln/SNYK-JS-BMOOR-598664)
Source: CVE-2021-23558
CVE-2022-23888
CVE-2022-23888
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSRF) via the component /yzmcms/comment/index/init.html.
Source: CVE-2022-23888
CVE-2022-23889
CVE-2022-23889
The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments.
Source: CVE-2022-23889
CVE-2022-23887
CVE-2022-23887
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete.
Source: CVE-2022-23887
CVE-2022-23727
CVE-2022-23727
There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege
Source: CVE-2022-23727
CVE-2021-40416
CVE-2021-40416
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an HTTP request to trigger this vulnerability.
Source: CVE-2021-40416
CVE-2021-40419
CVE-2021-40419
A firmware update vulnerability exists in the ‘factory’ binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability.
Source: CVE-2021-40419
CVE-2021-40423
CVE-2021-40423
A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
Source: CVE-2021-40423
CVE-2022-23456
CVE-2022-23456
Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software.
Source: CVE-2022-23456