CVE-2019-20231
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.
Source: CVE-2019-20231
CVE-2019-20230
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Source: CVE-2019-20230
CVE-2019-20229
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.
Source: CVE-2019-20229
CVE-2019-20227
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Source: CVE-2019-20227
CVE-2021-45843
glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (XSS) vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. This input was echoed unmodified in the application’s response.
Source: CVE-2021-45843
CVE-2022-31629
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim’s browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
Source: CVE-2022-31629
CVE-2022-31628
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
Source: CVE-2022-31628
CVE-2022-39264
nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable to homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply the patch manually, avoid doing verifications of one’s own devices, and/or avoid pressing the request button in the settings menu.
Source: CVE-2022-39264
CVE-2022-40710
A link following vulnerability in Trend Micro Deep Security 20 and Cloud One – Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Source: CVE-2022-40710
CVE-2022-40708
An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One – Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities.
This vulnerability is similar to, but not identical to CVE-2022-40707.
Source: CVE-2022-40708