» 2022 » 8월

CVE-2018-5494

Posted on 2022년 8월 26일2022년 8월 26일 by admin

CVE-2018-5494

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: CVE-2018-5494

CVE-2018-5483

Posted on 2022년 8월 26일2022년 8월 26일 by admin

CVE-2018-5483

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: CVE-2018-5483

CVE-2021-20192

Posted on 2022년 8월 26일2022년 8월 26일 by admin

CVE-2021-20192

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: CVE-2021-20192

CVE-2021-20258

Posted on 2022년 8월 26일2022년 8월 26일 by admin

CVE-2021-20258

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: CVE-2021-20258

CVE-2022-37158

Posted on 2022년 8월 26일2022년 8월 26일 by admin

CVE-2022-37158

RuoYi v3.8.3 has a Weak password vulnerability in the management system.

Source: CVE-2022-37158

CVE-2022-37159

Posted on 2022년 8월 26일2022년 8월 26일 by admin

CVE-2022-37159

Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload.

Source: CVE-2022-37159

CVE-2022-37160

Posted on 2022년 8월 26일2022년 8월 26일 by admin

CVE-2022-37160

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user.

Source: CVE-2022-37160

CVE-2022-37162

Posted on 2022년 8월 26일2022년 8월 26일 by admin

CVE-2022-37162

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the ‘Location’ field of a calendar event.

Source: CVE-2022-37162

CVE-2022-37161

Posted on 2022년 8월 26일2022년 8월 26일 by admin

CVE-2022-37161

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload.

Source: CVE-2022-37161

CVE-2022-37292

Posted on 2022년 8월 26일2022년 8월 26일 by admin

CVE-2022-37292

Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. This overflow is triggered in the sub_42FDE4 function, which satisfies the request of the upper-level interface function sub_430124, that is, handles the post request under /goform/SetIpMacBind.

Source: CVE-2022-37292