CVE-2022-30428
In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading.
Source: CVE-2022-30428
[월:] 2022년 05월
CVE-2022-30427
CVE-2022-30427
In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal.
Source: CVE-2022-30427
CVE-2022-27305
CVE-2022-27305
Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.
Source: CVE-2022-27305
CVE-2022-1348
CVE-2022-1348
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.
Source: CVE-2022-1348
CVE-2022-1678
CVE-2022-1678
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.
Source: CVE-2022-1678
CVE-2021-32966
CVE-2021-32966
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.
Source: CVE-2021-32966
CVE-2021-32997
CVE-2021-32997
The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access.
Source: CVE-2021-32997
CVE-2021-32989
CVE-2021-32989
When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting.
Source: CVE-2021-32989
CVE-2022-29380
CVE-2022-29380
Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel.
Source: CVE-2022-29380
CVE-2021-35487
CVE-2021-35487
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data.
Source: CVE-2021-35487