CVE-2022-27818
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service.
Source: CVE-2022-27818
[월:] 2022년 04월
CVE-2020-27375
CVE-2020-27375
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars.
Source: CVE-2020-27375
CVE-2022-27819
CVE-2022-27819
SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device).
Source: CVE-2022-27819
CVE-2020-27373
CVE-2020-27373
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE.
Source: CVE-2020-27373
CVE-2020-22253
CVE-2020-22253
Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device.
Source: CVE-2020-22253
CVE-2022-26605
CVE-2022-26605
eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality.
Source: CVE-2022-26605
CVE-2022-26607
CVE-2022-26607
A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file.
Source: CVE-2022-26607
CVE-2022-26613
CVE-2022-26613
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php.
Source: CVE-2022-26613
CVE-2022-26591
CVE-2022-26591
FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download arbitrary files via a crafted GET request.
Source: CVE-2022-26591
CVE-2022-20762
CVE-2022-20762
A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core – Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in the affected CLI. An attacker could exploit this vulnerability by authenticating as a CEE ConfD CLI user and executing a specific CLI command. A successful exploit could allow an attacker to access privileged containers with root privileges.
Source: CVE-2022-20762