» 2022 » 9월

CVE-2022-39194

Posted on 2022년 9월 2일2022년 9월 2일 by admin

CVE-2022-39194

An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed.

Source: CVE-2022-39194

CVE-2022-39188

Posted on 2022년 9월 2일2022년 9월 2일 by admin

CVE-2022-39188

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.

Source: CVE-2022-39188

CVE-2022-39189

Posted on 2022년 9월 2일2022년 9월 2일 by admin

CVE-2022-39189

An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.

Source: CVE-2022-39189

CVE-2022-37679

Posted on 2022년 9월 2일2022년 9월 2일 by admin

CVE-2022-37679

Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field.

Source: CVE-2022-37679

CVE-2022-36637

Posted on 2022년 9월 2일2022년 9월 2일 by admin

CVE-2022-36637

Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php.

Source: CVE-2022-36637

CVE-2022-36636

Posted on 2022년 9월 2일2022년 9월 2일 by admin

CVE-2022-36636

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php.

Source: CVE-2022-36636

CVE-2022-36609

Posted on 2022년 9월 2일2022년 9월 2일 by admin

CVE-2022-36609

Clinic’s Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php.

Source: CVE-2022-36609

CVE-2022-39190

Posted on 2022년 9월 2일2022년 9월 2일 by admin

CVE-2022-39190

An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.

Source: CVE-2022-39190

CVE-2022-39177

Posted on 2022년 9월 2일2022년 9월 2일 by admin

CVE-2022-39177

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.

Source: CVE-2022-39177

CVE-2022-36594

Posted on 2022년 9월 2일2022년 9월 2일 by admin

CVE-2022-36594

Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function.

Source: CVE-2022-36594