π¨ CVE-2022-25839
The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is reflected as it is.
π@cveNotify
The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is reflected as it is.
π@cveNotify
GitHub
Fix potential vulnerability for "http://\\\\localhost" Β· duzun/URL.js@9dc9fcc
Parse and format URLs. Contribute to duzun/URL.js development by creating an account on GitHub.
π¨ CVE-2022-0881
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.
π@cveNotify
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.
π@cveNotify
GitHub
Remove exif tags when processing images Β· Chocobozzz/PeerTube@0c058f2
ActivityPub-federated video streaming platform using P2P directly in your web browser - Remove exif tags when processing images Β· Chocobozzz/PeerTube@0c058f2
π¨ CVE-2020-17456
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.
π@cveNotify
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.
π@cveNotify
Seowon-SlC-130-And-SLR-120S-Exploit
Seowon SLC-130 And SLR-120S Router-RCE Exploit + Unlocking method ( CVE-2020-17456 )
Seowon SLC-130 And SLR-120S Routers Exploit
π¨ CVE-2022-24319
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
π@cveNotify
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
π@cveNotify
π¨ CVE-2022-24421
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
π¨ CVE-2022-24420
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
π¨ CVE-2022-24419
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
π¨ CVE-2022-24416
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
π¨ CVE-2022-24415
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
π¨ CVE-2022-24320
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
π@cveNotify
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
π@cveNotify
π¨ CVE-2022-26318
Null pointer dereference in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to potentially execute arbitrary code via exposed management access. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
π@cveNotify
Null pointer dereference in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to potentially execute arbitrary code via exposed management access. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
π@cveNotify
π¨ CVE-2022-24456
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453.
π@cveNotify
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453.
π@cveNotify
π¨ CVE-2022-24453
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24456.
π@cveNotify
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24456.
π@cveNotify
π¨ CVE-2022-22007
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456.
π@cveNotify
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456.
π@cveNotify
π¨ CVE-2022-22006
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456.
π@cveNotify
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456.
π@cveNotify
π¨ CVE-2021-42577
An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference.
π@cveNotify
An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference.
π@cveNotify
π¨ CVE-2021-42262
An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition.
π@cveNotify
An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition.
π@cveNotify
π¨ CVE-2021-41850
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control.
π@cveNotify
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control.
π@cveNotify
Athack
@Hack | Infosec on the Edge | 28 - 30 November 2021
atHack (@Hack) is one of the worldβs largest infosec events, bringing together global CISOs, elite ethical hackers & 14,000+ visitors in Riyadh, Saudi Arabia
π¨ CVE-2021-41849
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software.
π@cveNotify
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software.
π@cveNotify
Athack
@Hack | Infosec on the Edge | 28 - 30 November 2021
atHack (@Hack) is one of the worldβs largest infosec events, bringing together global CISOs, elite ethical hackers & 14,000+ visitors in Riyadh, Saudi Arabia