CVE-2022-2143
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.
Source: CVE-2022-2143
CVE-2022-2135
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information.
Source: CVE-2022-2135
CVE-2022-1655
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity.
Source: CVE-2022-1655
CVE-2022-34503
QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Source: CVE-2022-34503
CVE-2022-34037
An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI.
Source: CVE-2022-34037
CVE-2022-34509
The wikifaces package in PyPI v1.0 included a code execution backdoor inserted by a third party.
Source: CVE-2022-34509
CVE-2022-2142
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.
Source: CVE-2022-2142
CVE-2022-34502
Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.
Source: CVE-2022-34502
CVE-2021-36200
Under certain circumstances an unauthenticated user could access the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users.
Source: CVE-2021-36200
CVE-2022-31168
Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server 5.5. Members who don’t own any bots, and lack permission to create them, can’t exploit the vulnerability. As a workaround for the vulnerability, an organization administrator can restrict the `Who can create bots` permission to administrators only, and change the ownership of existing bots.
Source: CVE-2022-31168