CVE-2022-25318
An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups.
Source: CVE-2022-25318
CVE-2022-25317
An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.
Source: CVE-2022-25317
CVE-2022-25315
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
Source: CVE-2022-25315
CVE-2022-25314
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
Source: CVE-2022-25314
CVE-2022-25313
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
Source: CVE-2022-25313
CVE-2021-46108
D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration.
Source: CVE-2021-46108
CVE-2022-22922
TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges.
Source: CVE-2022-22922
CVE-2021-41599
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program.
Source: CVE-2021-41599
CVE-2021-4120
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1.
Source: CVE-2021-4120
CVE-2021-3155
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1.
Source: CVE-2021-3155