» 2023 » 2월

CVE-2023-22636

Posted on 2023년 2월 27일2023년 2월 27일 by admin

CVE-2023-22636

An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request.

Source: CVE-2023-22636

CVE-2022-31405

Posted on 2023년 2월 27일2023년 2월 27일 by admin

CVE-2022-31405

MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext.

Source: CVE-2022-31405

CVE-2023-26257

Posted on 2023년 2월 27일2023년 2월 27일 by admin

CVE-2023-26257

An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.

Source: CVE-2023-26257

CVE-2023-26609

Posted on 2023년 2월 27일2023년 2월 27일 by admin

CVE-2023-26609

ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.

Source: CVE-2023-26609

CVE-2023-26607

Posted on 2023년 2월 27일2023년 2월 27일 by admin

CVE-2023-26607

In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.

Source: CVE-2023-26607

CVE-2023-26606

Posted on 2023년 2월 27일2023년 2월 27일 by admin

CVE-2023-26606

In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c.

Source: CVE-2023-26606

CVE-2023-26605

Posted on 2023년 2월 27일2023년 2월 27일 by admin

CVE-2023-26605

In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.

Source: CVE-2023-26605

CVE-2022-48363

Posted on 2023년 2월 27일2023년 2월 27일 by admin

CVE-2022-48363

In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.

Source: CVE-2022-48363

CVE-2023-26602

Posted on 2023년 2월 27일2023년 2월 27일 by admin

CVE-2023-26602

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.

Source: CVE-2023-26602

CVE-2023-1047

Posted on 2023년 2월 26일2023년 2월 27일 by admin

CVE-2023-1047

A vulnerability classified as critical was found in TechPowerUp RealTemp 3.7.0.0. This vulnerability affects unknown code in the library WinRing0x64.sys. The manipulation leads to improper initialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-221806 is the identifier assigned to this vulnerability.

Source: CVE-2023-1047