» 2022 » 1월

CVE-2022-0079

Posted on 2022년 1월 3일2022년 1월 3일 by admin

CVE-2022-0079

showdoc is vulnerable to Generation of Error Message Containing Sensitive Information

Source: CVE-2022-0079

CVE-2021-36751

Posted on 2022년 1월 3일2022년 1월 3일 by admin

CVE-2021-36751

ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does not know the secret key) can make ciphertext modifications that are reflected in modified plaintext. There is no data integrity mechanism. (This behavior occurs across USB drives sold under multiple brand names.)

Source: CVE-2021-36751

CVE-2022-0080

Posted on 2022년 1월 2일2022년 1월 2일 by admin

CVE-2022-0080

mruby is vulnerable to Heap-based Buffer Overflow

Source: CVE-2022-0080

CVE-2022-22293

Posted on 2022년 1월 2일2022년 1월 2일 by admin

CVE-2022-22293

admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.

Source: CVE-2022-22293

CVE-2021-44896

Posted on 2022년 1월 2일2022년 1월 2일 by admin

CVE-2021-44896

DMP Roadmap before 3.0.4 allows XSS.

Source: CVE-2021-44896

CVE-2021-45972

Posted on 2022년 1월 2일2022년 1월 2일 by admin

CVE-2021-45972

The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data.

Source: CVE-2021-45972

CVE-2021-45960

Posted on 2022년 1월 2일2022년 1월 2일 by admin

CVE-2021-45960

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

Source: CVE-2021-45960

CVE-2021-43333

Posted on 2022년 1월 1일2022년 1월 1일 by admin

CVE-2021-43333

The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for configuration changes or disclosure of configuration settings.

Source: CVE-2021-43333

CVE-2021-44852

Posted on 2022년 1월 1일2022년 1월 1일 by admin

CVE-2021-44852

An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver’s device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000.

Source: CVE-2021-44852

CVE-2021-41819

Posted on 2022년 1월 1일2022년 1월 1일 by admin

CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

Source: CVE-2021-41819