CVE-2022-27915
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.
Source: CVE-2022-27915
[월:] 2023년 01월
CVE-2021-26642
CVE-2021-26642
When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.
Source: CVE-2021-26642
CVE-2022-27916
CVE-2022-27916
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.
Source: CVE-2022-27916
CVE-2022-27917
CVE-2022-27917
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.
Source: CVE-2022-27917
CVE-2022-47732
CVE-2022-47732
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device.
Source: CVE-2022-47732
CVE-2022-25631
CVE-2022-25631
Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated
Source: CVE-2022-25631
CVE-2022-43704
CVE-2022-43704
The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol (udp/1024) commands interfacing directly with the target device. This, in turn, allows for an attack to control the onboard relay without requiring authentication via the mobile application. This might result in an unacceptable temperature within the target device’s physical environment.
Source: CVE-2022-43704
CVE-2022-27918
CVE-2022-27918
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.
Source: CVE-2022-27918
CVE-2021-26644
CVE-2021-26644
SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.
Source: CVE-2021-26644
CVE-2022-47747
CVE-2022-47747
kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs.
Source: CVE-2022-47747