🚨 To continue providing posts and keeping this channel alive, we accept advertising on the channel.
For advertising plans contact @SirMalware
For advertising plans contact @SirMalware
CVE Notify pinned «🚨 To continue providing posts and keeping this channel alive, we accept advertising on the channel. For advertising plans contact @SirMalware»
🚨 CVE-2022-0880
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
🎖@cveNotify
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
🎖@cveNotify
GitHub
file upload bug · star7th/showdoc@818d7fe
ShowDoc is a tool greatly applicable for an IT team to share documents online一个非常适合IT团队的在线API文档、技术文档工具 - file upload bug · star7th/showdoc@818d7fe
👍1
🚨 CVE-2021-44625
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request.
🎖@cveNotify
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request.
🎖@cveNotify
GitHub
IoT_CVE/886N/deviceInfoRegister at main · Yu3H0/IoT_CVE
My IoT CVEs. Contribute to Yu3H0/IoT_CVE development by creating an account on GitHub.
👍1
🚨 CVE-2021-44626
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
🎖@cveNotify
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
🎖@cveNotify
GitHub
IoT_CVE/886N/getRegVeriRegister at main · Yu3H0/IoT_CVE
My IoT CVEs. Contribute to Yu3H0/IoT_CVE development by creating an account on GitHub.
🚨 CVE-2021-34342
Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which causes a huge information leak.
🎖@cveNotify
Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which causes a huge information leak.
🎖@cveNotify
GitHub
Buffer overflow in newVar_N, decompile.c:751 · Issue #205 · libming/libming
Hi, there. There is a buffer overflow in the newest master branch 04aee52 which causes a huge memory information leakage. Here is the reproducing command: swftophp poc POC: overflow-decompiler751.z...
🚨 CVE-2021-44623
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface.
🎖@cveNotify
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface.
🎖@cveNotify
GitHub
IoT_CVE/886N/chkResetVeriRegister at main · Yu3H0/IoT_CVE
My IoT CVEs. Contribute to Yu3H0/IoT_CVE development by creating an account on GitHub.
🚨 CVE-2021-44622
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request.
🎖@cveNotify
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request.
🎖@cveNotify
GitHub
IoT_CVE/886N/chkRegVeriRegister at main · Yu3H0/IoT_CVE
My IoT CVEs. Contribute to Yu3H0/IoT_CVE development by creating an account on GitHub.
🚨 CVE-2022-0865
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
🎖@cveNotify
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
🎖@cveNotify
GitLab
tiffcp: Assertion failed in TIFFReadAndRealloc, tif_read.c:99 (#385) · Issues · libtiff / libtiff · GitLab
Summary There is a reachable assertion-failed crash in _TIFFReadAndRealloc, tif_read.c:99. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. Note...
🚨 CVE-2022-0860
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
🎖@cveNotify
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
🎖@cveNotify
🚨 CVE-2022-0907
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.
🎖@cveNotify
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.
🎖@cveNotify
GitLab
add checks for return value of limitMalloc (#392) (!314) · Merge requests · libtiff / libtiff · GitLab
fix the SEGV bug in tiffcrop, which is described in
🚨 CVE-2022-0924
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
🎖@cveNotify
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
🎖@cveNotify
GitLab
fix heap buffer overflow in tiffcp (#278) (!311) · Merge requests · libtiff / libtiff · GitLab
fix #278. Note that I currently...
🚨 CVE-2022-0909
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
🎖@cveNotify
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
🎖@cveNotify
GitLab
fix the FPE in tiffcrop (#393) (!310) · Merge requests · libtiff / libtiff · GitLab
fix #393.
🚨 CVE-2022-0908
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
🎖@cveNotify
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
🎖@cveNotify
GitLab
2022/CVE-2022-0908.json · master · GitLab.org / GitLab CVE assignments · GitLab
This project hosts the CVEs that have been assigned by GitLab in its role as a CNA. See https://about.gitlab.com/security/cve/ for more information
🚨 CVE-2022-1122
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
🎖@cveNotify
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
🎖@cveNotify
GitHub
Exist a issues of freeing uninitialized pointer in src/bin/jp2/opj_decompress.c,that will cause a segfault · Issue #1368 · uclouvain/openjpeg
Hi, I found a segmentation fault in current master, and I also reproduced it on latest released version 2.5.0. Crash Summary: A issues of freeing uninitialized pointer exist in src/bin/jp2/opj_deco...
🚨 CVE-2022-1160
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
🎖@cveNotify
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
🎖@cveNotify
huntr.dev
Heap-based Buffer Overflow in vim
24.63K developers have been protected by securing vim. Read this report, and explore others to learn how you can also protect the world by earning cash and CVEs.
🚨 CVE-2022-28128
Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
🎖@cveNotify
Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
🎖@cveNotify
AttachéCase
File encryption software for both Windows and macOS
A simple and fast file encryption software for Windows and macOS that uses a strong encryption algorithm.
🚨 CVE-2022-27496
Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.
🎖@cveNotify
Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.
🎖@cveNotify
osdn.net
Release zerochplus 0.7.5 - ぜろちゃんねるプラス - OSDN
Release zerochplus 0.7.5 - ぜろちゃんねるプラス #osdn
🚨 CVE-2022-25348
Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
🎖@cveNotify
Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
🎖@cveNotify
AttachéCase
File encryption software for both Windows and macOS
A simple and fast file encryption software for Windows and macOS that uses a strong encryption algorithm.
🚨 CVE-2022-24299
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command.
🎖@cveNotify
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command.
🎖@cveNotify
🚨 CVE-2022-22986
Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file.
🎖@cveNotify
Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file.
🎖@cveNotify
jvn.jp
JVNVU#94900322: Netcommunity OG410X and OG810X VoIP gateway/Hikari VoIP adapter for business offices vulnerable to OS command injection
Japan Vulnerability Notes