‼ CVE-2022-25219 ‼
via "National Vulnerability Database".
A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218).
‼ CVE-2021-40064 ‼
There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability.
‼ CVE-2021-3981 ‼
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set, allowing non-privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.
‼ CVE-2022-0618 ‼
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padding information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame or PUSH_PROMISE frame with HTTP/2 padding information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz.
‼ CVE-2021-3558 ‼
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
‼ CVE-2022-20058 ‼
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160485.
‼ CVE-2021-34338 ‼
Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in the decompiler.c file that causes a direct segmentation fault and leads to denial of service.
‼ CVE-2021-42857 ‼
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API. The affected endpoint does not validate the user's input, which allows a malicious payload to be injected.
‼ CVE-2022-21170 ‼
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.
‼ CVE-2021-43969 ‼
The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter.
‼ CVE-2022-20059 ‼
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160781.
‼ CVE-2022-24995 ‼
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.
‼ CVE-2022-24606 ‼
Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php.
‼ CVE-2021-40052 ‼
There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.
‼ CVE-2022-25244 ‼
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.
‼ CVE-2022-26102 ‼
Due to a missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731 - allows an authenticated attacker to access content on the start screen of any transaction that is available within the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in the worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application.
‼ CVE-2020-36517 ‼
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.
‼ CVE-2022-24915 ‼
The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services).
‼ CVE-2022-25814 ‼
PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
‼ CVE-2022-0891 ‼
A heap buffer overflow in the ExtractImageSection function in tiffcrop.c in the libtiff library Version 4.3.0 allows an attacker to trigger unsafe or out of bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure or any other context-dependent impact.
‼ CVE-2021-32006 ‼
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. A Permission Issues vulnerability in the LinkManager web portal of Secomea GateManager allows a logged-in LinkManager user to access stored SiteManager backup files.