Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 2시간 39분 지남
CVE-2022-23664
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
CVE-2022-23665
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
CVE-2022-23666
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
CVE-2022-1731
Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist.
CVE-2021-27442
The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
CVE-2021-27444
The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
CVE-2021-27446
The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.
CVE-2021-33001
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code.
CVE-2021-33021
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code.
CVE-2021-33025
xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges.
CVE-2022-1679
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-30695
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
CVE-2022-30696
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
CVE-2022-30697
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
CVE-2021-23265
A logged-in and authenticated user with a Reviewer Role may lock a content item.
CVE-2021-23266
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
CVE-2021-23267
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.
CVE-2022-25169
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
CVE-2022-30050
Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php.
CVE-2022-30055
Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution.