» 2022 » 9월

CVE-2022-38881

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-38881

The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

Source: CVE-2022-38881

CVE-2022-38618

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-38618

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf.

Source: CVE-2022-38618

CVE-2022-38882

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-38882

The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

Source: CVE-2022-38882

CVE-2022-38887

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-38887

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0.

Source: CVE-2022-38887

CVE-2022-35708

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-35708

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Source: CVE-2022-35708

CVE-2022-38883

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-38883

The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

Source: CVE-2022-38883

CVE-2022-37700

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-37700

Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig.

Source: CVE-2022-37700

CVE-2022-35709

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-35709

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Source: CVE-2022-35709

CVE-2022-35914

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-35914

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.

Source: CVE-2022-35914

CVE-2022-37203

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-37203

JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.

Source: CVE-2022-37203