CVE-2022-28893
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
Source: CVE-2022-28893
[월:] 2022년 04월
CVE-2022-27293
CVE-2022-27293
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.
Source: CVE-2022-27293
CVE-2022-27960
CVE-2022-27960
Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users’ personal information.
Source: CVE-2022-27960
CVE-2022-27295
CVE-2022-27295
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.
Source: CVE-2022-27295
CVE-2022-27476
CVE-2022-27476
A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter.
Source: CVE-2022-27476
CVE-2022-27294
CVE-2022-27294
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.
Source: CVE-2022-27294
CVE-2022-27958
CVE-2022-27958
Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allows attackers to access and arbitrarily modify users’ personal information.
Source: CVE-2022-27958
CVE-2022-27292
CVE-2022-27292
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. This vulnerability allows attackers to cause a Denial of Service (DoS) via the nextPage parameter.
Source: CVE-2022-27292
CVE-2022-27477
CVE-2022-27477
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.
Source: CVE-2022-27477
CVE-2022-27961
CVE-2022-27961
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.
Source: CVE-2022-27961