» 2022 » 4월

CVE-2022-1222

Posted on 2022년 4월 4일2022년 4월 4일 by admin

CVE-2022-1222

Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.

Source: CVE-2022-1222

CVE-2022-26530

Posted on 2022년 4월 4일2022년 4월 4일 by admin

CVE-2022-26530

swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor.

Source: CVE-2022-26530

CVE-2022-26233

Posted on 2022년 4월 4일2022년 4월 4일 by admin

CVE-2022-26233

Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /…." substring.

Source: CVE-2022-26233

CVE-2022-27248

Posted on 2022년 4월 4일2022년 4월 4일 by admin

CVE-2022-27248

A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to CaddemServiceJS/CaddemService.svc/rest/DownloadDwg.

Source: CVE-2022-27248

CVE-2022-27249

Posted on 2022년 4월 4일2022년 4월 4일 by admin

CVE-2022-27249

An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource.

Source: CVE-2022-27249

CVE-2021-30066

Posted on 2022년 4월 4일2022년 4월 4일 by admin

CVE-2021-30066

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue exists because of an incomplete fix of CVE-2017-11400.

Source: CVE-2021-30066

CVE-2021-30062

Posted on 2022년 4월 4일2022년 4월 4일 by admin

CVE-2021-30062

On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer.

Source: CVE-2021-30062

CVE-2021-30061

Posted on 2022년 4월 4일2022년 4월 4일 by admin

CVE-2021-30061

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick.

Source: CVE-2021-30061

CVE-2021-30063

Posted on 2022년 4월 4일2022년 4월 4일 by admin

CVE-2021-30063

On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service.

Source: CVE-2021-30063

CVE-2021-30064

Posted on 2022년 4월 4일2022년 4월 4일 by admin

CVE-2021-30064

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).

Source: CVE-2021-30064