CVE-2022-21839
Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability.
Source: CVE-2022-21839
CVE-2022-21834
Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability.
Source: CVE-2022-21834
CVE-2021-43972
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body.
Source: CVE-2021-43972
CVE-2021-43971
A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter.
Source: CVE-2021-43971
CVE-2021-43973
An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file.
Source: CVE-2021-43973
CVE-2021-43974
An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable anonymous user registration only hides the client-side registration form. An attacker can still post registration data to create new accounts without prior authentication.
Source: CVE-2021-43974