[월:] 2023년 01월

CVE-2020-36611

Posted on by admin

CVE-2020-36611

Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager – Agent for RAID, Hitachi Tuning Manager – Agent for NAS, Hitachi Tuning Manager – Agent for SAN Switch components) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-00.

Source: CVE-2020-36611

CVE-2022-45439

Posted on by admin

CVE-2022-45439

A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging another known vulnerability.

Source: CVE-2022-45439

CVE-2022-45440

Posted on by admin

CVE-2022-45440

A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device.

Source: CVE-2022-45440

CVE-2015-10056

Posted on by admin

CVE-2015-10056

A vulnerability was found in 2071174A vinylmap. It has been classified as critical. Affected is the function contact of the file recordstoreapp/views.py. The manipulation leads to sql injection. The name of the patch is b07b79a1e92cc62574ba0492cce000ef4a7bd25f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218400.

Source: CVE-2015-10056