‼ CVE-2022-27644 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43631 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetVirtualServerSettings requests to the web management portal. When parsing subelements within the VirtualServerInfo element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16151.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27642 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28643 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16468.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43649 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.2.12465. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19478.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28647 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16573.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28320 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16282.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43618 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PCX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16377.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27641 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15806.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42426 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18554.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37351 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17636.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43642 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the YouTube plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19222.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42430 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlan_config data structure. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17543.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43622 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When parsing the HNAP_AUTH header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16139.📖 Read
via "National Vulnerability Database".
🕴 Trojan-Rigged Tor Browser Bundle Drops Malware 🕴
📖 Read
via "Dark Reading".
Attackers are targeting cryptocurrency accounts belonging to users in Russia and more than 50 other countries.📖 Read
via "Dark Reading".
Dark Reading
Trojan-Rigged Tor Browser Bundle Drops Malware
Attackers are targeting cryptocurrency accounts belonging to users in Russia and more than 50 other countries.
🕴 Top Tech Talent Warns on AI's Threat to Human Existence in Open Letter 🕴
📖 Read
via "Dark Reading".
Musk, Wozniak, and Yang are among more than a thousand tech leaders asking for time to establish human safety parameters around AI.📖 Read
via "Dark Reading".
Dark Reading
Top Tech Talent Warns of AI's Threat to Human Existence in Open Letter
Elon Musk, Steve Wozniak, and Andrew Yang are among more than 1,000 tech leaders asking for time to establish human safety parameters around AI.
‼ CVE-2023-1656 ‼
📖 Read
via "National Vulnerability Database".
Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28501 ‼
📖 Read
via "National Vulnerability Database".
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based buffer overflow in the unirpcd daemon that, if successfully exploited, can lead to remote code execution as the root user.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28502 ‼
📖 Read
via "National Vulnerability Database".
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow in the "udadmin" service that can lead to remote code execution as the root user.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28507 ‼
📖 Read
via "National Vulnerability Database".
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine will allocate increasing amounts of memory until all system memory is exhausted and the forked process crashes.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22705 ‼
📖 Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions.📖 Read
via "National Vulnerability Database".