» 2022 » 9월

CVE-2021-33076

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2021-33076

Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Source: CVE-2021-33076

CVE-2022-32167

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2022-32167

Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation.

Source: CVE-2022-32167

CVE-2021-33079

Posted on 2022년 9월 21일2022년 9월 21일 by admin

CVE-2021-33079

Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access.

Source: CVE-2021-33079

CVE-2022-40955

Posted on 2022년 9월 20일2022년 9월 21일 by admin

CVE-2022-40955

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.

Source: CVE-2022-40955

CVE-2022-3245

Posted on 2022년 9월 20일2022년 9월 21일 by admin

CVE-2022-3245

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.

Source: CVE-2022-3245

CVE-2022-3005

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-3005

Cross-site Scripting (XSS) – Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

Source: CVE-2022-3005

CVE-2022-3242

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-3242

Code Injection in GitHub repository microweber/microweber prior to 1.3.2.

Source: CVE-2022-3242

CVE-2022-2177

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-2177

Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.

Source: CVE-2022-2177

CVE-2022-3079

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-3079

Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service.

Source: CVE-2022-3079

CVE-2022-3004

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-3004

Cross-site Scripting (XSS) – Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

Source: CVE-2022-3004