‼ CVE-2022-28577 ‼
A command injection vulnerability was found in the delParentalRules interface of the TOTOLINK A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
via "National Vulnerability Database".
‼ CVE-2022-27360 ‼
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.
via "National Vulnerability Database".
‼ CVE-2022-27411 ‼
TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function.
via "National Vulnerability Database".
‼ CVE-2022-28582 ‼
A command injection vulnerability was found in the setWiFiSignalCfg interface of the TOTOLINK A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
via "National Vulnerability Database".
‼ CVE-2022-28578 ‼
A command injection vulnerability was found in the setOpenVpnCfg interface of the TOTOLINK A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
via "National Vulnerability Database".
‼ CVE-2022-27337 ‼
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
via "National Vulnerability Database".
‼ CVE-2022-28581 ‼
A command injection vulnerability was found in the setWiFiAdvancedCfg interface of the TOTOLINK A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
via "National Vulnerability Database".
‼ CVE-2022-28579 ‼
A command injection vulnerability was found in the setParentalRules interface of the TOTOLINK A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
via "National Vulnerability Database".
‼ CVE-2022-26073 ‼
A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to a device reboot. An attacker can send packets to trigger this vulnerability.
via "National Vulnerability Database".
‼ CVE-2022-28583 ‼
A command injection vulnerability was found in the setWiFiWpsCfg interface of the TOTOLINK A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
via "National Vulnerability Database".
‼ CVE-2021-25267 ‼
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA.
via "National Vulnerability Database".
‼ CVE-2022-28584 ‼
A command injection vulnerability was found in the setWiFiWpsStart interface of the TOTOLINK A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
via "National Vulnerability Database".
‼ CVE-2022-28580 ‼
A command injection vulnerability was found in the setL2tpServerCfg interface of the TOTOLINK A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
via "National Vulnerability Database".
‼ CVE-2021-25268 ‼
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA.
via "National Vulnerability Database".
‼ CVE-2022-28575 ‼
A command injection vulnerability was found in the setopenvpnclientcfg interface of the TOTOLINK A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload.
via "National Vulnerability Database".
‼ CVE-2022-25989 ‼
An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can DHCP poison to trigger this vulnerability.
via "National Vulnerability Database".
🔏 Apple Alleges Theft of Trade Secrets in New Suit 🔏
The company claims a stealth startup has poached 40 of its former employees, who in turn have stolen designs on its tech.
🕴 Heroku: Cyberattacker Used Stolen OAuth Tokens to Steal Customer Account Credentials 🕴
The same attack that allowed a threat actor to steal data from private Heroku GitHub repositories also resulted in the compromise of customer credentials, the company now says.
via "Dark Reading".
🕴 Microsoft, Apple, and Google Promise to Expand Passwordless Features 🕴
The passwordless future just became closer to reality, as Microsoft, Apple, and Google pledged to make passwordless possible across operating systems and browsers.
via "Dark Reading".
‼ CVE-2022-29166 ‼
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc 0.33.2. Refrain from replying to messages from untrusted participants in IRC-bridged Matrix rooms. There are no known workarounds for this issue.
via "National Vulnerability Database".
‼ CVE-2022-29173 ‼
go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly, meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks:
1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes.
2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow).
A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading.
via "National Vulnerability Database".
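The two go-tuf flaws above are easiest to see side by side in a stripped-down client. The following Go program is an added illustration written for this page, not go-tuf's code: the Timestamp, Snapshot and Client types are hypothetical stand-ins for the real metadata structures, and signature and expiry verification (which a real TUF client performs before any version check) are omitted so that only the rollback logic remains. UpdateTimestampVulnerable compares the downloaded version against a zero-valued struct and persists the file immediately, as described in points 1 and 2; UpdateTimestampFixed and UpdateSnapshotFixed load the trusted state first, reject anything that has gone backwards, and persist only after the referenced versions check out. The scenario in main is constructed: a mirror replays an older, validly signed timestamp.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrRollback is returned when downloaded metadata is older than the
// metadata the client already trusts.
var ErrRollback = errors.New("rollback attack detected")

// Timestamp and Snapshot are deliberately minimal stand-ins for the TUF
// metadata files (hypothetical types, not go-tuf's own).
type Timestamp struct {
	Version         int // version of this timestamp.json
	SnapshotVersion int // version of the snapshot.json it refers to
}

type Snapshot struct {
	Version int
}

// Client holds the metadata trusted from a previous run; both fields are nil
// on a client that has never updated.
type Client struct {
	trustedTimestamp *Timestamp
	trustedSnapshot  *Snapshot
}

// UpdateTimestampVulnerable reproduces the flawed behaviour: the new version is
// compared against a zero-valued Timestamp rather than the trusted one, so the
// check passes for any version, and the file is marked trusted before the
// snapshot version it refers to has been verified.
func (c *Client) UpdateTimestampVulnerable(newTS Timestamp) error {
	var prev Timestamp // zero value; c.trustedTimestamp is never consulted
	if newTS.Version < prev.Version { // always false, prev.Version == 0
		return ErrRollback
	}
	c.trustedTimestamp = &newTS // persisted before any referenced version is checked
	return nil
}

// UpdateTimestampFixed consults the previously trusted timestamp and rejects
// the download if its own version or the snapshot version it announces has
// gone backwards. Only a download that passes both checks is persisted.
func (c *Client) UpdateTimestampFixed(newTS Timestamp) error {
	if c.trustedTimestamp != nil {
		if newTS.Version < c.trustedTimestamp.Version {
			return fmt.Errorf("%w: timestamp version %d is older than trusted version %d",
				ErrRollback, newTS.Version, c.trustedTimestamp.Version)
		}
		if newTS.SnapshotVersion < c.trustedTimestamp.SnapshotVersion {
			return fmt.Errorf("%w: referenced snapshot version %d is older than trusted %d",
				ErrRollback, newTS.SnapshotVersion, c.trustedTimestamp.SnapshotVersion)
		}
	}
	c.trustedTimestamp = &newTS
	return nil
}

// UpdateSnapshotFixed checks the downloaded snapshot against the version the
// trusted timestamp announced and against the previously trusted snapshot
// before persisting it.
func (c *Client) UpdateSnapshotFixed(newSnap Snapshot) error {
	if c.trustedTimestamp == nil {
		return errors.New("no trusted timestamp: update timestamp first")
	}
	if newSnap.Version != c.trustedTimestamp.SnapshotVersion {
		return fmt.Errorf("snapshot version %d does not match version %d announced by timestamp",
			newSnap.Version, c.trustedTimestamp.SnapshotVersion)
	}
	if c.trustedSnapshot != nil && newSnap.Version < c.trustedSnapshot.Version {
		return fmt.Errorf("%w: snapshot version %d is older than trusted version %d",
			ErrRollback, newSnap.Version, c.trustedSnapshot.Version)
	}
	c.trustedSnapshot = &newSnap
	return nil
}

func main() {
	// Constructed scenario: the client trusts timestamp v5 (snapshot v5) and a
	// malicious mirror replays the validly signed timestamp v3 of an older release.
	trusted := Timestamp{Version: 5, SnapshotVersion: 5}
	replayed := Timestamp{Version: 3, SnapshotVersion: 3}

	vuln := &Client{trustedTimestamp: &trusted}
	fmt.Println("vulnerable client:", vuln.UpdateTimestampVulnerable(replayed)) // <nil>: rollback accepted

	fixed := &Client{trustedTimestamp: &trusted}
	fmt.Println("fixed client:", fixed.UpdateTimestampFixed(replayed)) // rollback attack detected: ...
}
```

The ordering in the fixed path is the second half of the fix: a client that persists the timestamp first and checks the announced snapshot version afterwards has already widened its trust by the time the check fails, so any later update is measured against the attacker's baseline.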