» 2022 » 4월

CVE-2022-1236

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2022-1236

Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0.

Source: CVE-2022-1236

CVE-2022-1235

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2022-1235

Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.

Source: CVE-2022-1235

CVE-2022-25154

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2022-25154

A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability.)

Source: CVE-2022-25154

CVE-2022-23909

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2022-23909

There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:Program FilesSherpa SoftwareSherpa.exe" file.

Source: CVE-2022-23909

CVE-2022-1212

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2022-1212

Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.

Source: CVE-2022-1212

CVE-2021-39114

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2021-39114

Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

Source: CVE-2021-39114

CVE-2022-1213

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2022-1213

SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191

Source: CVE-2022-1213

CVE-2021-33207

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2021-33207

The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.

Source: CVE-2021-33207

CVE-2022-26615

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2022-26615

A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields.

Source: CVE-2022-26615

CVE-2021-45893

Posted on 2022년 4월 5일2022년 4월 5일 by admin

CVE-2021-45893

An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier.

Source: CVE-2021-45893