CVE-2022-25403
HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php.
Source: CVE-2022-25403
[월:] 2022년 02월
CVE-2022-25636
CVE-2022-25636
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
Source: CVE-2022-25636
CVE-2022-25098
CVE-2022-25098
ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter.
Source: CVE-2022-25098
CVE-2022-25290
CVE-2022-25290
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
Source: CVE-2022-25290
CVE-2022-25072
CVE-2022-25072
TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.
Source: CVE-2022-25072
CVE-2022-25073
CVE-2022-25073
TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.
Source: CVE-2022-25073
CVE-2022-25075
CVE-2022-25075
TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
Source: CVE-2022-25075
CVE-2022-25077
CVE-2022-25077
TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
Source: CVE-2022-25077
CVE-2022-25076
CVE-2022-25076
TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
Source: CVE-2022-25076
CVE-2022-25079
CVE-2022-25079
TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
Source: CVE-2022-25079