書きかけ ↓
2022-4262 Google Chromium V8 Engine
Google Chromium V8 Type Confusion Vulnerability
2022-12-05
Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time.
Google Chromium V8 には、型崩れの脆弱性が存在します。
Apply updates per vendor instructions by 2022-12-26
https://chromereleases.
CVE-2022-42475 Fortinet FortiOS
Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
2022-12-13
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.
Fortinet FortiOS SSL-VPN の複数のバージョンには、
Apply updates per vendor instructions by 2023-01-03
https://www.fortiguard.com/
CVE-2022-27518 Citrix Application Delivery Controller (ADC) and Gateway
Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability
2022-12-13
Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability which allows an attacker to execute code as administrator.
Citrix Application Delivery Controller (ADC) および Gateway の SAML SP または IdP 設定時に、
Apply updates per vendor instructions by 2023-01-03
CVE-2022-42856 Apple iOS
Apple iOS Type Confusion Vulnerability
2022-12-14
Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution.
Apple iOS には、悪意を持って細工されたウェブコンテンツを処理する際に、
Apply updates per vendor instructions by 2023-01-04
https://support.apple.com/en-
# ------------------------------
CVE-2022-26500 Veeam Backup & Replication
Veeam Backup & Replication Remote Code Execution Vulnerability
2022-12-13
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.
Backup & ReplicationアプリケーションのVeeam Distribution Serviceは、未認証のユーザーが内部API機能にアクセス
Apply updates per vendor instructions by 2023-01-03
CVE-2022-26501 Veeam Backup & Replication
Veeam Backup & Replication Remote Code Execution Vulnerability
2022-12-13
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.
Backup & ReplicationアプリケーションのVeeam Distribution Serviceは、未認証のユーザーが内部API機能にアクセス
Apply updates per vendor instructions by 2023-01-03
# ------------------------------
CVE-2018-5430 TIBCO JasperReports
TIBCO JasperReports Server Information Disclosure Vulnerability
2022-12-29
TIBCO JasperReports Server contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files.
TIBCO JasperReports Server には、認証されたユーザが、
Apply updates per vendor instructions by 2023-01-19
CVE-2018-18809 TIBCO JasperReports
TIBCO JasperReports Library Directory Traversal Vulnerability
2022-12-29
TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access contents of the host system.
TIBCO JasperReports Library には、ディレクトリトラバーサルの脆弱性があり、
Apply updates per vendor instructions by 2023-01-19
# ------------------------------
CVE-2022-44698 Microsoft Defender
Microsoft Defender SmartScreen Security Feature Bypass Vulnerability
2022-12-13
Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.
Microsoft Defender SmartScreen には、セキュリティ機能回避の脆弱性があり、
Apply updates per vendor instructions by 2023-01-03
https://msrc.microsoft.com/
CVE-2022-41080 Microsoft Exchange Server
Microsoft Exchange Server Privilege Escalation Vulnerability
2023-01-10
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.
Microsoft Exchange Server には、特権の昇格を可能にする未指定の脆弱性が存在します。
Apply updates per vendor instructions by 2023-01-31
https://msrc.microsoft.com/
CVE-2023-21674 Microsoft Windows
Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability
2023-01-10
Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Windows Advanced Local Procedure Call (ALPC) には、権限昇格の可能性がある未特定の脆弱性が存在します。
Apply updates per vendor instructions by 2023-01-31
https://msrc.microsoft.com/
# ------------------------------