» 2023 » 3월

CVE-2022-24672

Posted on 2023년 3월 29일2023년 3월 29일 by admin

CVE-2022-24672

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15802.

Source: CVE-2022-24672

CVE-2022-23123

Posted on 2023년 3월 29일2023년 3월 29일 by admin

CVE-2022-23123

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.

Source: CVE-2022-23123

CVE-2022-23124

Posted on 2023년 3월 29일2023년 3월 29일 by admin

CVE-2022-23124

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870.

Source: CVE-2022-23124

CVE-2022-23122

Posted on 2023년 3월 29일2023년 3월 29일 by admin

CVE-2022-23122

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.

Source: CVE-2022-23122

CVE-2022-24673

Posted on 2023년 3월 29일2023년 3월 29일 by admin

CVE-2022-24673

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.

Source: CVE-2022-24673

CVE-2022-1230

Posted on 2023년 3월 29일2023년 3월 29일 by admin

CVE-2022-1230

This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of redirections. An attacker can force a redirection to a site that serves malicious content. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the current user. Was ZDI-CAN-15918.

Source: CVE-2022-1230

CVE-2022-0194

Posted on 2023년 3월 29일2023년 3월 29일 by admin

CVE-2022-0194

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.

Source: CVE-2022-0194

CVE-2022-0650

Posted on 2023년 3월 29일2023년 3월 29일 by admin

CVE-2022-0650

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13993.

Source: CVE-2022-0650

CVE-2023-27246

Posted on 2023년 3월 29일2023년 3월 29일 by admin

CVE-2023-27246

An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file.

Source: CVE-2023-27246

CVE-2023-27247

Posted on 2023년 3월 29일2023년 3월 29일 by admin

CVE-2023-27247

An issue in Cynet Client Agent v4.6.0.8010 allows attackers with Administrator rights to disable the EDR functions via disabling process privilege tokens.

Source: CVE-2023-27247