» 2022 » 8월

An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode "control-characters" (class Cc), was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later.

Source: CVE-2021-20223

CVE-2020-27798

Posted on 2022년 8월 26일2022년 8월 26일 by admin

CVE-2020-27798

An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.

Source: CVE-2020-27798

CVE-2020-27797

Posted on 2022년 8월 26일2022년 8월 26일 by admin

CVE-2020-27797

An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.

Source: CVE-2020-27797

CVE-2020-27796

Posted on 2022년 8월 26일2022년 8월 26일 by admin

CVE-2020-27796

A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.

Source: CVE-2020-27796

CVE-2022-36527

Posted on 2022년 8월 26일2022년 8월 26일 by admin

CVE-2022-36527

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.

Source: CVE-2022-36527

CVE-2022-20865

Posted on 2022년 8월 26일2022년 8월 26일 by admin

CVE-2022-20865

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

Source: CVE-2022-20865