‼ CVE-2022-46422 ‼
📖 Read
via "National Vulnerability Database".
An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46914 ‼
📖 Read
via "National Vulnerability Database".
An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46139 ‼
📖 Read
via "National Vulnerability Database".
TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4515 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46423 ‼
📖 Read
via "National Vulnerability Database".
An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46910 ‼
📖 Read
via "National Vulnerability Database".
An issue in the firmware update process of TP-Link TL-WA901ND V1 up to v3.11.2 and TL-WA901N V2 up to v3.12.16 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43872 ‼
📖 Read
via "National Vulnerability Database".
IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46428 ‼
📖 Read
via "National Vulnerability Database".
TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4579 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39304 ‼
📖 Read
via "National Vulnerability Database".
ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request contained the bearer JWT for the App, and was returned back to clients. This token is short lived (10 minute maximum). This issue has been patched and is available in version 2.0.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46435 ‼
📖 Read
via "National Vulnerability Database".
An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up to 3.13.9 and TL-WR941ND V4 up to 3.12.8 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.📖 Read
via "National Vulnerability Database".
🕴 Microsoft Warns on 'Achilles' macOS Gatekeeper Bypass 🕴
📖 Read
via "Dark Reading".
The latest bypass for Apple's application-safety feature could allow malicious takeover of Macs.📖 Read
via "Dark Reading".
Dark Reading
Microsoft Warns on 'Achilles' macOS Gatekeeper Bypass
The latest bypass for Apple's application-safety feature could allow malicious takeover of Macs.
👍1
🕴 Bfore.Ai Releases 'The King, The Knight & The Snowball' - Cybersecurity Book for Children 🕴
📖 Read
via "Dark Reading".
This unique fairytale is available for free just before Christmas to enjoy with the entire family.📖 Read
via "Dark Reading".
Dark Reading
Bfore.Ai Releases 'The King, The Knight & The Snowball' - Cybersecurity Book for Children
This unique fairytale is available for free just before Christmas to enjoy with the entire family.
‼ CVE-2022-46316 ‼
📖 Read
via "National Vulnerability Database".
A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46314 ‼
📖 Read
via "National Vulnerability Database".
The IPC module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46321 ‼
📖 Read
via "National Vulnerability Database".
The Wi-Fi module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect data confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43382 ‼
📖 Read
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 238641.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46324 ‼
📖 Read
via "National Vulnerability Database".
Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41599 ‼
📖 Read
via "National Vulnerability Database".
The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46327 ‼
📖 Read
via "National Vulnerability Database".
Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46318 ‼
📖 Read
via "National Vulnerability Database".
The HAware module has a function logic error. Successful exploitation of this vulnerability will affect the account removal function in Settings.📖 Read
via "National Vulnerability Database".