» 2022 » 2월

JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.

Source: CVE-2021-45977

CVE-2022-25374

Posted on 2022년 2월 25일2022년 2월 26일 by admin

CVE-2022-25374

HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File.

Source: CVE-2022-25374

CVE-2022-24612

Posted on 2022년 2월 25일2022년 2월 25일 by admin

CVE-2022-24612

An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS.

Source: CVE-2022-24612

CVE-2022-24594

Posted on 2022년 2월 25일2022년 2월 25일 by admin

CVE-2022-24594

In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address.

Source: CVE-2022-24594

CVE-2022-25328

Posted on 2022년 2월 25일2022년 2월 25일 by admin

CVE-2022-25328

The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above

Source: CVE-2022-25328