CVE-2022-25949
The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.
Source: CVE-2022-25949
[월:] 2022년 03월
CVE-2022-25969
CVE-2022-25969
The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
Source: CVE-2022-25969
CVE-2022-26081
CVE-2022-26081
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
Source: CVE-2022-26081
CVE-2022-26511
CVE-2022-26511
WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files(‘current directory type’ DLL loading).
Source: CVE-2022-26511
CVE-2022-24759
CVE-2022-24759
`@chainsafe/libp2p-noise` contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and get those peers banned. Users should upgrade to version 4.1.2 or 5.0.3 to receive a patch. There are currently no known workarounds.
Source: CVE-2022-24759
CVE-2022-25364
CVE-2022-25364
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.)
Source: CVE-2022-25364
CVE-2022-26503
CVE-2022-26503
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.
Source: CVE-2022-26503
CVE-2022-26526
CVE-2022-26526
Anaconda Anaconda3 through 2021.11.0.0 and Miniconda3 through 11.0.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.)
Source: CVE-2022-26526
CVE-2020-15591
CVE-2020-15591
fexsrv in F*EX (aka Frams’ Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution).
Source: CVE-2020-15591
CVE-2021-44906
CVE-2021-44906
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Source: CVE-2021-44906