π¨ CVE-2023-47456
Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat.
π@cveNotify
Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat.
π@cveNotify
GitHub
IOT_VULN/Tenda/AX1806/fromSetWirelessRepeat.md at main Β· Anza2001/IOT_VULN
Records of vulnerability in IOT. Contribute to Anza2001/IOT_VULN development by creating an account on GitHub.
π¨ CVE-2023-35836
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.
π@cveNotify
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.
π@cveNotify
π¨ CVE-2022-23093
ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again has an IP header and an ICMP header.
The pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes.
The memory safety bugs described above can be triggered by a remote host, causing the ping program to crash.
The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur.
π@cveNotify
ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again has an IP header and an ICMP header.
The pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes.
The memory safety bugs described above can be triggered by a remote host, causing the ping program to crash.
The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur.
π@cveNotify
π¨ CVE-2024-28640
Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field.
π@cveNotify
Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field.
π@cveNotify
π¨ CVE-2024-28537
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function.
π@cveNotify
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function.
π@cveNotify
π¨ CVE-2024-28394
An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module.
π@cveNotify
An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module.
π@cveNotify
Prestashop
Customer Data & Management - PrestaShop Addons
Easily manage your customers! With these modules, manage all your customer groups easily and use segmentation tools to best target your customers in your marketing! βββββββEnhance your PrestaShop store with features for customer data & management.
π¨ CVE-2023-50811
An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the βcomputerβ POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access to the application and take control of many other receptions in addition the assigned one.
π@cveNotify
An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the βcomputerβ POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access to the application and take control of many other receptions in addition the assigned one.
π@cveNotify
www.gruppotim.it
Vulnerability Research & Advisor
π¨ CVE-2022-26580
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. The attacker must have physical USB access to the device in order to exploit this vulnerability.
π@cveNotify
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. The attacker must have physical USB access to the device in order to exploit this vulnerability.
π@cveNotify
π¨ CVE-2023-26130
Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors.**Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).
π@cveNotify
Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors.**Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).
π@cveNotify
Gist
CRLF Injection in cpp-httplib@v0.12.3
CRLF Injection in cpp-httplib@v0.12.3. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2022-4920
Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
π@cveNotify
Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 101 to the stable channel for Windows, Mac and Linux. This will roll out ov...
π¨ CVE-2023-40315
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue.
π@cveNotify
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue.
π@cveNotify
π¨ CVE-2023-47455
Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size.
π@cveNotify
Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size.
π@cveNotify
GitHub
IOT_VULN/Tenda/AX1806/setSchedWifi.md at main Β· Anza2001/IOT_VULN
Records of vulnerability in IOT. Contribute to Anza2001/IOT_VULN development by creating an account on GitHub.
π¨ CVE-2022-23091
A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause.
An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.
π@cveNotify
A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause.
An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.
π@cveNotify
π¨ CVE-2024-30106
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data.
π@cveNotify
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data.
π@cveNotify
Hcl-Software
Security Bulletin: HCL Connections Security Update for Internal Application Server Information Disclosure Vulnerability - Customerβ¦
HCL Connections is vulnerable to information disclosure due to an IBM WebSphere Application Server error,
π¨ CVE-2024-44145
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen.
π@cveNotify
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen.
π@cveNotify
Apple Support
About the security content of macOS Sequoia 15 - Apple Support
This document describes the security content of macOS Sequoia 15.
π¨ CVE-2024-44216
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to access user-sensitive data.
π@cveNotify
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to access user-sensitive data.
π@cveNotify
Apple Support
About the security content of macOS Ventura 13.7.1 - Apple Support
This document describes the security content of macOS Ventura 13.7.1.
π¨ CVE-2024-44217
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in iOS 18 and iPadOS 18. Password autofill may fill in passwords after failing authentication.
π@cveNotify
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in iOS 18 and iPadOS 18. Password autofill may fill in passwords after failing authentication.
π@cveNotify
Apple Support
About the security content of iOS 18 and iPadOS 18 - Apple Support
This document describes the security content of iOS 18 and iPadOS 18
π¨ CVE-2024-44237
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to unexpected app termination.
π@cveNotify
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to unexpected app termination.
π@cveNotify
Apple Support
About the security content of macOS Ventura 13.7.1 - Apple Support
This document describes the security content of macOS Ventura 13.7.1.
π¨ CVE-2024-44240
The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory.
π@cveNotify
The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory.
π@cveNotify
Apple Support
About the security content of iOS 18.1 and iPadOS 18.1 - Apple Support
This document describes the security content of iOS 18.1 and iPadOS 18.1.
π¨ CVE-2024-51506
Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description.
π@cveNotify
Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description.
π@cveNotify
GitHub
Stored XSS on "Create a Wiki Pages" in Tikiwiki version 27.0 Β· Issue #8 Β· r0ck3t1973/xss_payload
Hi, Download and install CMS TikiWiki version 27.0 https://sourceforge.net/projects/tikiwiki/ Login into panel click a 'Wiki' -> 'Create a Wiki Pages' insert payload in descripti...