Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-37108

CVSS 8.7 · High EPSS 1.17% · P79
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-37108

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab files. The patch for this was present in SNYPR version 6.4 Jun 2022 R3_[06170871], but may have been introduced sooner.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Securonix SNYPR 注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Securonix SNYPR是美国Securonix公司的一个开放的、模块化的下一代安全智能平台,它结合了日志管理、安全信息和事件。 Securonix SNYPR 6.4版本存在安全漏洞,该漏洞源于其syslog-ng配置向导允许具有“Manage Ingesters”权限的应用程序用户在系统执行的文本文件(如用户的crontab文件)中附加任意文本,从而在远程Ingesters上执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2022-37108

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-37108

登录查看更多情报信息。

Same Patch Batch · n/a · 2022-09-07 · 37 CVEs total

CVE-2022-36659xhyve 代码问题漏洞
CVE-2022-38309Tenda AC18 缓冲区错误漏洞
CVE-2022-38314Tenda AC18 缓冲区错误漏洞
CVE-2022-30078NETGEAR R6300v2和NETGEAR R6200v2 操作系统命令注入漏洞
CVE-2022-30312Honeywell Trend Controls IQ Series that utilize Inter-Controller (IC) protocol 安全漏洞
CVE-2022-31414D-Link DIR-1960 安全漏洞
CVE-2022-36587Tenda G3 安全漏洞
CVE-2022-36661xhyve 代码问题漏洞
CVE-2022-36660xhyve 缓冲区错误漏洞
CVE-2022-38310Tenda AC18 缓冲区错误漏洞
CVE-2022-37780多款Phicomm产品安全漏洞
CVE-2022-36539Eigen&Wijzer Ouderapp 安全漏洞
CVE-2022-37731ftcms 跨站脚本漏洞
CVE-2022-37730ftcms 跨站请求伪造漏洞
CVE-2022-35513Blink1Control2 加密问题漏洞
CVE-2022-36271Outbyte PC Repair 代码问题漏洞
CVE-2022-37189DDMAL MEI2Volpiano 代码问题漏洞
CVE-2022-40023SQLAlchemy 安全漏洞
CVE-2022-38247Nagios XI 跨站脚本漏洞
CVE-2022-36586Tenda G3 安全漏洞

Showing top 20 of 37 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2022-37108

No comments yet

Leave a comment