» 2022 » 9월

CVE-2022-39220

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-39220

SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist.

Source: CVE-2022-39220

CVE-2022-32886

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-32886

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

Source: CVE-2022-32886

CVE-2022-32917

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-32917

The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

Source: CVE-2022-32917

CVE-2022-40357

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-40357

A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zb_users/plugin/UEditor/php/action_crawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter.

Source: CVE-2022-40357

CVE-2022-32908

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-32908

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. A user may be able to elevate privileges.

Source: CVE-2022-32908

CVE-2022-32912

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-32912

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

Source: CVE-2022-32912

CVE-2022-32911

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-32911

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to execute arbitrary code with kernel privileges.

Source: CVE-2022-32911

CVE-2022-32863

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-32863

A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. Processing maliciously crafted web content may lead to arbitrary code execution.

Source: CVE-2022-32863

CVE-2022-32802

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-32802

A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead to arbitrary code execution.

Source: CVE-2022-32802

CVE-2022-32882

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-32882

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences.

Source: CVE-2022-32882