CVE-2022-38497
LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69.
Source: CVE-2022-38497
CVE-2022-38495
LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c.
Source: CVE-2022-38495
CVE-2022-38496
LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp.
Source: CVE-2022-38496
CVE-2022-38306
LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc.
Source: CVE-2022-38306
CVE-2022-34356
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. IBM X-Force ID: 230502.
Source: CVE-2022-34356
CVE-2022-39814
In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs in the login page via the next HTTP GET parameter.
Source: CVE-2022-39814
CVE-2022-38329
An issue was discovered in Shopxian CMS 3.0.0. There is a CSRF vulnerability that can delete the specified column via index.php/contents-admin_cat-finderdel-model-ContentsCat.html?id=17.
Source: CVE-2022-38329
CVE-2022-38307
LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp.
Source: CVE-2022-38307
CVE-2022-22329
IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124.
Source: CVE-2022-22329
CVE-2022-38342
Safe Software FME Server v2022.0.1.1 and below was discovered to contain an XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks.
Source: CVE-2022-38342