CVE-2022-21168
The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure.
Source: CVE-2022-21168
CVE-2022-21214
The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution.
Source: CVE-2022-21214
CVE-2022-24812
Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses a Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructed, subsequent requests with any API Key evaluate to the same permissions as the previous requests. This can lead to an escalation of privileges: for example, when a first request is made with Admin permissions and a second request is made with a different API Key that has Viewer permissions, the second request gets the cached permissions of the previous Admin request, effectively gaining higher privileges than it should. The vulnerability only impacts Grafana Enterprise when the fine-grained access control beta feature is enabled and there is more than one API Key in one organization with different roles assigned. All installations after Grafana Enterprise v8.1.0-beta1 should be upgraded as soon as possible. As an alternative, disabling fine-grained access control will mitigate the vulnerability.
Source: CVE-2022-24812
CVE-2022-24383
The affected product is vulnerable to an out-of-bounds read, which may result in code execution.
Source: CVE-2022-24383
CVE-2022-21228
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
Source: CVE-2022-21228
CVE-2022-27261
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server.
Source: CVE-2022-27261
CVE-2022-27260
An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file.
Source: CVE-2022-27260
CVE-2022-26109
When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Source: CVE-2022-26109
CVE-2021-41005
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0.
Source: CVE-2021-41005
CVE-2021-41004
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0.
Source: CVE-2021-41004