🚨 CVE-2021-44622
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request.
🎖@cveNotify
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request.
🎖@cveNotify
GitHub
IoT_CVE/886N/chkRegVeriRegister at main · Yu3H0/IoT_CVE
My IoT CVEs. Contribute to Yu3H0/IoT_CVE development by creating an account on GitHub.
🚨 CVE-2021-44630
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
🎖@cveNotify
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
🎖@cveNotify
GitHub
IoT_CVE/886N/modifyAccPwdRegister at main · Yu3H0/IoT_CVE
My IoT CVEs. Contribute to Yu3H0/IoT_CVE development by creating an account on GitHub.
🚨 CVE-2022-0926
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
🎖@cveNotify
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
🎖@cveNotify
GitHub
Update Files.php · microweber/microweber@89200cf
Drag and Drop Website Builder and CMS with E-commerce - Update Files.php · microweber/microweber@89200cf
🚨 CVE-2022-0929
XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.
🎖@cveNotify
XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.
🎖@cveNotify
GitHub
Update build-and-upload.yml · microweber/microweber@de6d17b
Drag and Drop Website Builder and CMS with E-commerce - Update build-and-upload.yml · microweber/microweber@de6d17b
🚨 CVE-2022-0930
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
🎖@cveNotify
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
🎖@cveNotify
GitHub
make plupload only allowed files · microweber/microweber@33eb4cc
Drag and Drop Website Builder and CMS with E-commerce - make plupload only allowed files · microweber/microweber@33eb4cc
👍2
🚨 CVE-2021-27653
Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.
🎖@cveNotify
Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.
🎖@cveNotify
Pega
Collaboration Center
Pega continually works to implement security controls designed to protect client environments. As part of that effort, Pega has issued a CVE regarding the possibility of misconfiguring Pega Chat and Pega Intelligent Virtual Assistant (IVA) in a way that…
🚨 To continue providing posts and keeping this channel alive, we accept advertising on the channel.
For advertising plans contact @SirMalware
For advertising plans contact @SirMalware
CVE Notify pinned «🚨 To continue providing posts and keeping this channel alive, we accept advertising on the channel. For advertising plans contact @SirMalware»
🚨 CVE-2022-0880
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
🎖@cveNotify
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
🎖@cveNotify
GitHub
file upload bug · star7th/showdoc@818d7fe
ShowDoc is a tool greatly applicable for an IT team to share documents online一个非常适合IT团队的在线API文档、技术文档工具 - file upload bug · star7th/showdoc@818d7fe
👍1
🚨 CVE-2021-44625
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request.
🎖@cveNotify
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request.
🎖@cveNotify
GitHub
IoT_CVE/886N/deviceInfoRegister at main · Yu3H0/IoT_CVE
My IoT CVEs. Contribute to Yu3H0/IoT_CVE development by creating an account on GitHub.
👍1
🚨 CVE-2021-44626
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
🎖@cveNotify
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
🎖@cveNotify
GitHub
IoT_CVE/886N/getRegVeriRegister at main · Yu3H0/IoT_CVE
My IoT CVEs. Contribute to Yu3H0/IoT_CVE development by creating an account on GitHub.
🚨 CVE-2021-34342
Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which causes a huge information leak.
🎖@cveNotify
Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which causes a huge information leak.
🎖@cveNotify
GitHub
Buffer overflow in newVar_N, decompile.c:751 · Issue #205 · libming/libming
Hi, there. There is a buffer overflow in the newest master branch 04aee52 which causes a huge memory information leakage. Here is the reproducing command: swftophp poc POC: overflow-decompiler751.z...
🚨 CVE-2021-44623
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface.
🎖@cveNotify
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface.
🎖@cveNotify
GitHub
IoT_CVE/886N/chkResetVeriRegister at main · Yu3H0/IoT_CVE
My IoT CVEs. Contribute to Yu3H0/IoT_CVE development by creating an account on GitHub.
🚨 CVE-2021-44622
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request.
🎖@cveNotify
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request.
🎖@cveNotify
GitHub
IoT_CVE/886N/chkRegVeriRegister at main · Yu3H0/IoT_CVE
My IoT CVEs. Contribute to Yu3H0/IoT_CVE development by creating an account on GitHub.
🚨 CVE-2022-0865
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
🎖@cveNotify
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
🎖@cveNotify
GitLab
tiffcp: Assertion failed in TIFFReadAndRealloc, tif_read.c:99 (#385) · Issues · libtiff / libtiff · GitLab
Summary There is a reachable assertion-failed crash in _TIFFReadAndRealloc, tif_read.c:99. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. Note...
🚨 CVE-2022-0860
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
🎖@cveNotify
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
🎖@cveNotify
🚨 CVE-2022-0907
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.
🎖@cveNotify
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.
🎖@cveNotify
GitLab
add checks for return value of limitMalloc (#392) (!314) · Merge requests · libtiff / libtiff · GitLab
fix the SEGV bug in tiffcrop, which is described in
🚨 CVE-2022-0924
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
🎖@cveNotify
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
🎖@cveNotify
GitLab
fix heap buffer overflow in tiffcp (#278) (!311) · Merge requests · libtiff / libtiff · GitLab
fix #278. Note that I currently...
🚨 CVE-2022-0909
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
🎖@cveNotify
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
🎖@cveNotify
GitLab
fix the FPE in tiffcrop (#393) (!310) · Merge requests · libtiff / libtiff · GitLab
fix #393.
🚨 CVE-2022-0908
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
🎖@cveNotify
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
🎖@cveNotify
GitLab
2022/CVE-2022-0908.json · master · GitLab.org / GitLab CVE assignments · GitLab
This project hosts the CVEs that have been assigned by GitLab in its role as a CNA. See https://about.gitlab.com/security/cve/ for more information
🚨 CVE-2022-1122
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
🎖@cveNotify
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
🎖@cveNotify
GitHub
Exist a issues of freeing uninitialized pointer in src/bin/jp2/opj_decompress.c,that will cause a segfault · Issue #1368 · uclouvain/openjpeg
Hi, I found a segmentation fault in current master, and I also reproduced it on latest released version 2.5.0. Crash Summary: A issues of freeing uninitialized pointer exist in src/bin/jp2/opj_deco...