» 2022 » 9월

CVE-2021-27774

Posted on 2022년 9월 23일2022년 9월 23일 by admin

CVE-2021-27774

User input included in error response, which could be used in a phishing attack.

Source: CVE-2021-27774

CVE-2022-37234

Posted on 2022년 9월 23일2022년 9월 23일 by admin

CVE-2022-37234

Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy.

Source: CVE-2022-37234

CVE-2022-3274

Posted on 2022년 9월 23일2022년 9월 23일 by admin

CVE-2022-3274

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.7.

Source: CVE-2022-3274

CVE-2022-35894

Posted on 2022년 9월 23일2022년 9월 23일 by admin

CVE-2022-35894

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure.

Source: CVE-2022-35894

CVE-2022-36062

Posted on 2022년 9월 23일2022년 9월 23일 by admin

CVE-2022-36062

Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafana instances where RBAC was disabled and enabled afterwards, as the migrations which are translating legacy folder permissions to RBAC permissions do not account for the scenario where the only user permission in the folder is Admin, as a result RBAC adds permissions for Editors and Viewers which allow them to edit and view folders accordingly. This issue has been patched in versions 8.5.13, 9.0.9, and 9.1.6. A workaround when the impacted folder/dashboard is known is to remove the additional permissions manually.

Source: CVE-2022-36062