» 2022 » 1월

CVE-2021-44795

Posted on 2022년 1월 27일2022년 1월 28일 by admin

CVE-2021-44795

Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui" module. A remote attacker could exploit this vulnerability to modify users permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other users without authenticating.

Source: CVE-2021-44795

CVE-2022-23181

Posted on 2022년 1월 27일2022년 1월 28일 by admin

CVE-2022-23181

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

Source: CVE-2022-23181

CVE-2021-44794

Posted on 2022년 1월 27일2022년 1월 28일 by admin

CVE-2021-44794

Single Connect does not perform an authorization check when using the "sc-diagnostic-ui" module. A remote attacker could exploit this vulnerability to access the device information page. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information.

Source: CVE-2021-44794

CVE-2021-44793

Posted on 2022년 1월 27일2022년 1월 28일 by admin

CVE-2021-44793

Single Connect does not perform an authorization check when using the sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the database credentials. Since the database runs with high privileges it is possible to execute commands with the attained credentials.

Source: CVE-2021-44793

CVE-2021-44792

Posted on 2022년 1월 27일2022년 1월 28일 by admin

CVE-2021-44792

Single Connect does not perform an authorization check when using the "log-monitor" module. A remote attacker could exploit this vulnerability to access the logging interface. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information.

Source: CVE-2021-44792

CVE-2021-44121

Posted on 2022년 1월 27일2022년 1월 27일 by admin

CVE-2021-44121

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: CVE-2021-44121

CVE-2022-0372

Posted on 2022년 1월 27일2022년 1월 27일 by admin

CVE-2022-0372

Cross-site Scripting (XSS) – Stored in Packagist bytefury/crater prior to 6.0.2.

Source: CVE-2022-0372

CVE-2022-0387

Posted on 2022년 1월 27일2022년 1월 27일 by admin

CVE-2022-0387

Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v.

Source: CVE-2022-0387

CVE-2022-0370

Posted on 2022년 1월 27일2022년 1월 27일 by admin

CVE-2022-0370

Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v.

Source: CVE-2022-0370

CVE-2022-22828

Posted on 2022년 1월 27일2022년 1월 27일 by admin

CVE-2022-22828

An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.

Source: CVE-2022-22828