» 2022 » 9월

CVE-2022-35066

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-35066

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b8.

Source: CVE-2022-35066

CVE-2022-37032

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-37032

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.

Source: CVE-2022-37032

CVE-2022-35064

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-35064

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adcdb in __asan_memset.

Source: CVE-2022-35064

CVE-2022-35063

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-35063

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41a8.

Source: CVE-2022-35063

CVE-2022-0143

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-0143

When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS)

Source: CVE-2022-0143

CVE-2022-35061

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-35061

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e412a.

Source: CVE-2022-35061

CVE-2022-35060

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-35060

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32.

Source: CVE-2022-35060

CVE-2022-28321

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-28321

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn’t correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream.

Source: CVE-2022-28321

CVE-2022-38351

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-38351

A vulnerability in Suprema Bio Star 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page.

Source: CVE-2022-38351

CVE-2022-28203

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-28203

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.

Source: CVE-2022-28203