CVE-2022-25064
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.
Source: CVE-2022-25064
[월:] 2022년 02월
CVE-2022-25019
CVE-2022-25019
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-38602. Reason: This candidate is a reservation duplicate of CVE-2021-38602. Notes: All CVE users should reference CVE-2021-38602 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Source: CVE-2022-25019
CVE-2022-25170
CVE-2022-25170
The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code
Source: CVE-2022-25170
CVE-2022-23985
CVE-2022-23985
The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution.
Source: CVE-2022-23985
CVE-2022-23921
CVE-2022-23921
Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects.
Source: CVE-2022-23921
CVE-2022-21798
CVE-2022-21798
The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system.
Source: CVE-2022-21798
CVE-2022-21209
CVE-2022-21209
The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution.
Source: CVE-2022-21209
CVE-2022-0655
CVE-2022-0655
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Source: CVE-2022-0655
CVE-2022-0615
CVE-2022-0615
Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-service condition on the system.
Source: CVE-2022-0615
CVE-2021-42244
CVE-2021-42244
A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted title or message in a notification.
Source: CVE-2021-42244