CVE-2022-38340
Safe Software FME Server v2022.0.1.1 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload.
Source: CVE-2022-38340
CVE-2022-37265
Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js.
Source: CVE-2022-37265
CVE-2022-37259
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js.
Source: CVE-2022-37259
CVE-2017-20147
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped.
Source: CVE-2017-20147
CVE-2016-20015
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown.
Source: CVE-2016-20015
CVE-2017-20148
In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.
Source: CVE-2017-20148
CVE-2022-38916
A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files.
Source: CVE-2022-38916
CVE-2022-35196
TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.
Source: CVE-2022-35196
CVE-2021-33081
Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access.
Source: CVE-2021-33081