CVE Notify
Alert on the latest CVEs

🚨 CVE-2023-3252
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition.

🎖@cveNotify
🚨 CVE-2023-30909
A remote authentication bypass issue exists in some OneView APIs.

🚨 CVE-2023-46992
TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset several critical passwords without authentication by visiting specific pages.

🚨 CVE-2022-48193
Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL).

🚨 CVE-2023-6573
HPE OneView may have a missing passphrase during restore.

🚨 CVE-2023-35836
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.

🚨 CVE-2022-23093
ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response, ping has to reconstruct the IP header, the ICMP header and, if present, a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again has an IP header and an ICMP header.

The pr_pack() function copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes.

The memory safety bugs described above can be triggered by a remote host, causing the ping program to crash.

The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur.

🚨 CVE-2024-28640
Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (DoS) via the command field.

🚨 CVE-2024-28537
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of the fromNatStaticSetting function.

🚨 CVE-2023-50811
An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. By iterating that parameter, it was possible to access the application and take control of many other receptions in addition to the assigned one.

🚨 CVE-2022-26580
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. The attacker must have physical USB access to the device in order to exploit this vulnerability.

🚨 CVE-2023-26130
Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. **Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).

🚨 CVE-2022-4920
Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

🚨 CVE-2023-40315
In OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue.

🚨 CVE-2023-47455
Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in the setSchedWifi function, in which src and v12 are obtained directly from the HTTP request parameters schedStartTime and schedEndTime without checking their size.

🚨 CVE-2022-23091
A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause.

An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.

🚨 CVE-2024-30106
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data.

🚨 CVE-2024-44145
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen.
