CVE-2022-1721
published 2022-05-16CVE-2022-1721: Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.
PriorityP342high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
2.15%
79.8th percentile
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| diagrams | drawio | < 18.0.5 | 18.0.5 |
| jgraph | jgraph_drawio | >= unspecified < 18.0.5 | 18.0.5 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Three vulnerabilities in NVIDIA graphics driver could cause memory corruption
blogs_talos·2023-08-23·CVSS 8.5
CVE-2022-34671 [HIGH] Three vulnerabilities in NVIDIA graphics driver could cause memory corruption
Piotr Bania of Cisco Talos discovered the vulnerabilities mentioned in this post.
Cisco Talos recently disclosed three vulnerabilities in the shader functionality of the NVIDIA D3D10 driver that works with NVIDIA’s graphics cards.
The driver is vulnerable to memory corruption if an adversary sends a specially crafted shader packer, which can lead to a memory corruption problem in the driver.
All three issues, identified as TALOS-2023-1719 (CVE-2022-34671), TALOS-2023-1720 (CVE-2022-34671) and TALOS-2023-1721 (CVE-2022-34671), have a CVSS severity rating of 8.5 out of 10.
An attacker could exploit these vulnerabilities from guest machines running virtualization environments (such as VMware, QEMU and VirtualBox) to perform a guest-to-host escape, as we’ve illustrated with previous vulner
Talos
Three vulnerabilities in NVIDIA graphics driver could cause memory corruption
blogs_talos·2023-08-23·CVSS 8.5
[HIGH] Three vulnerabilities in NVIDIA graphics driver could cause memory corruption
## Three vulnerabilities in NVIDIA graphics driver could cause memory corruption
Piotr Bania of Cisco Talos discovered the vulnerabilities mentioned in this post.
Cisco Talos recently disclosed three vulnerabilities in the shader functionality of the NVIDIA D3D10 driver that works with NVIDIA’s graphics cards.
The driver is vulnerable to memory corruption if an adversary sends a specially crafted shader packer, which can lead to a memory corruption problem in the driver.
All three issues, identified as TALOS-2023-1719 (CVE-2022-34671), TALOS-2023-1720 (CVE-2022-34671) and TALOS-2023-1721 (CVE-2022-34671), have a CVSS severity rating of 8.5 out of 10.
An attacker could exploit these vulnerabilities from guest machines running virtualization environments (such as VMware, QEMU and Virtua
2022-05-16
Published