CVE-2022-24687
HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, and 1.11.2 has Uncontrolled Resource Consumption.
Source: CVE-2022-24687
[월:] 2022년 02월
CVE-2022-25838
CVE-2022-25838
Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept.
Source: CVE-2022-25838
CVE-2022-25643
CVE-2022-25643
seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.
Source: CVE-2022-25643
CVE-2022-25640
CVE-2022-25640
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.
Source: CVE-2022-25640
CVE-2022-25638
CVE-2022-25638
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.
Source: CVE-2022-25638
CVE-2022-25809
CVE-2022-25809
Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack.
Source: CVE-2022-25809
CVE-2022-25406
CVE-2022-25406
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter.
Source: CVE-2022-25406
CVE-2022-25292
CVE-2022-25292
A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
Source: CVE-2022-25292
CVE-2022-25414
CVE-2022-25414
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.
Source: CVE-2022-25414
CVE-2022-25355
CVE-2022-25355
EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users.
Source: CVE-2022-25355