-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathMyFile1.txt
More file actions
22 lines (14 loc) · 1.17 KB
/
MyFile1.txt
File metadata and controls
22 lines (14 loc) · 1.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
====================================================
Service/Service No: domain
====================================================
CVE ID: CVE-2022-32271
Summary: In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files.
Score: 6.8
Published Date: 2022-06-03T06:15:00
====================================================
Service/Service No: http
====================================================
CVE ID: CVE-2022-33175
Summary: Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device.
Score: None
Published Date: 2022-06-13T18:15:00