» 2022 » 1월

CVE-2022-22265

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2022-22265

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

Source: CVE-2022-22265

CVE-2022-22264

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2022-22264

Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.

Source: CVE-2022-22264

CVE-2022-22263

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2022-22263

Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity.

Source: CVE-2022-22263

CVE-2022-21823

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2022-21823

A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector.

Source: CVE-2022-21823

CVE-2022-21667

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2022-21667

soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. In the event that a POST request is sent to any endpoint of the server with an empty body, even unauthenticated with the Pusher Protocol, it will crash the server. All users that run the server are affected by this vulnerability and it’s highly recommended to upgrade to the latest patch. There are no workarounds for this issue.

Source: CVE-2022-21667

CVE-2022-0133

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2022-0133

peertube is vulnerable to Improper Access Control

Source: CVE-2022-0133

CVE-2022-0132

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2022-0132

peertube is vulnerable to Server-Side Request Forgery (SSRF)

Source: CVE-2022-0132

CVE-2021-46165

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-46165

Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file’s path might not be properly defined.

Source: CVE-2021-46165

CVE-2021-46166

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-46166

Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page.

Source: CVE-2021-46166

CVE-2021-46164

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-46164

Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module.

Source: CVE-2021-46164