CVE-2022-38275
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list.
Source: CVE-2022-38275
CVE-2020-10735
A flaw was found in Python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
Source: CVE-2020-10735
CVE-2022-2528
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.
Source: CVE-2022-2528
CVE-2022-29061
An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests.
Source: CVE-2022-29061
CVE-2022-2925
Cross-site Scripting (XSS) – Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1.
Source: CVE-2022-2925
CVE-2022-40307
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.
Source: CVE-2022-40307
CVE-2022-40305
A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form.
Source: CVE-2022-40305
CVE-2022-25765
The package pdfkit from 0.0.0 is vulnerable to Command Injection where the URL is not properly sanitized.
Source: CVE-2022-25765
CVE-2022-40299
In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathnames; this CVE Record is not about the lack of a safe temporary-file creation capability in the Singular language.
Source: CVE-2022-40299
CVE-2022-40297
UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account’s password.
Source: CVE-2022-40297