βΌ CVE-2022-38986 βΌ
π Read
via "National Vulnerability Database".
The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42234 βΌ
π Read
via "National Vulnerability Database".
There is a file inclusion vulnerability in the template management module in UCMS 1.6π Read
via "National Vulnerability Database".
βΌ CVE-2022-41603 βΌ
π Read
via "National Vulnerability Database".
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42067 βΌ
π Read
via "National Vulnerability Database".
Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2022-41601 βΌ
π Read
via "National Vulnerability Database".
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42232 βΌ
π Read
via "National Vulnerability Database".
Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38977 βΌ
π Read
via "National Vulnerability Database".
The HwAirlink module has a heap overflow vulnerability.Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46840 βΌ
π Read
via "National Vulnerability Database".
The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3479 βΌ
π Read
via "National Vulnerability Database".
A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41602 βΌ
π Read
via "National Vulnerability Database".
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41598 βΌ
π Read
via "National Vulnerability Database".
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37603 βΌ
π Read
via "National Vulnerability Database".
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39064 βΌ
π Read
via "National Vulnerability Database".
An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRΓβ¦DFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRΓβ¦DFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:Hπ Read
via "National Vulnerability Database".
βΌ CVE-2022-38998 βΌ
π Read
via "National Vulnerability Database".
The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41589 βΌ
π Read
via "National Vulnerability Database".
The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38983 βΌ
π Read
via "National Vulnerability Database".
The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.π Read
via "National Vulnerability Database".
π΄ Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows π΄
π Read
via "Dark Reading".
The authentication bypass flaw in FortiOS, FortiProxy, and FortiSwitch Manager is easy to find and exploit, security experts say.π Read
via "Dark Reading".
Dark Reading
Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows
The authentication bypass flaw in FortiOS, FortiProxy and FortiSwitchManager is easy to find and exploit, security experts say.
π΄ Apple's Constant Battles Against Zero-Day Exploits π΄
π Read
via "Dark Reading".
Such exploits sell for up to $10 million, making them the single most valuable commodity in the cybercrime underworld.π Read
via "Dark Reading".
Dark Reading
Apple's Constant Battles Against Zero-Day Exploits
Such exploits sell for up to $10 million, making them the single most valuable commodity in the cybercrime underworld.
π΄ Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows π΄
π Read
via "Dark Reading".
The authentication bypass flaw in FortiOS, FortiProxy and FortiSwitchManager is easy to find and exploit, security experts say.π Read
via "Dark Reading".
Dark Reading
Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows
The authentication bypass flaw in FortiOS, FortiProxy and FortiSwitchManager is easy to find and exploit, security experts say.
βΌ CVE-2022-39115 βΌ
π Read
via "National Vulnerability Database".
In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38698 βΌ
π Read
via "National Vulnerability Database".
In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.π Read
via "National Vulnerability Database".