» 2022 » 9월

CVE-2022-41220

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-41220

** DISPUTED ** md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CVE-2022-34913. NOTE: the vendor’s position is that the product is not intended for untrusted input.

Source: CVE-2022-41220

CVE-2022-35085

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-35085

SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.

Source: CVE-2022-35085

CVE-2022-38619

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-38619

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf.

Source: CVE-2022-38619

CVE-2022-35087

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-35087

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c.

Source: CVE-2022-35087

CVE-2022-35086

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-35086

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.

Source: CVE-2022-35086

CVE-2022-39221

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-39221

McWebserver mod runs a simple HTTP server alongside the Minecraft server in seperate threads. Path traversal in McWebserver Minecraft Mod for Fabric and Quilt up to and including 0.1.2.1 and McWebserver Minecraft Mod for Forge up to and including 0.1.1 allows all files, accessible by the program, to be read by anyone via HTTP request. Version 0.2.0 with patches are released to both platforms (Fabric and Quilt, Forge). As a workaround, the McWebserver mod can be disabled by removing the file from the `mods` directory.

Source: CVE-2022-39221

CVE-2022-35089

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-35089

SWFTools commit 772e55a2 was discovered to contain a heap-buffer-overflow via getTransparentColor at /home/bupt/Desktop/swftools/src/gif2swf.

Source: CVE-2022-35089

CVE-2022-35088

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-35088

SWFTools commit 772e55a2 was discovered to contain a heap buffer-overflow via getGifDelayTime at /home/bupt/Desktop/swftools/src/src/gif2swf.c.

Source: CVE-2022-35088

CVE-2022-35090

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-35090

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via __asan_memcpy at /asan/asan_interceptors_memintrinsics.cpp:.

Source: CVE-2022-35090

CVE-2022-35957

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-35957

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/

Source: CVE-2022-35957