92 matches found
CVE-2024-22942
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function...
Linux Distros Unpatched Vulnerability : CVE-2022-22942
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the...
CVE-2024-7236
CVE-2024-7236 affects AVG AntiVirus Free (icarus). The vulnerability is in the AVG Installer: an attacker who can run low-privilege code locally can abuse the updater by creating a symbolic link to create a file, enabling a persistent DoS condition. This is a local-privilege, file-creation DoS ve...
CVE-2024-7236 AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability
AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the...
CentOS 7 : kpatch-patch (RHSA-2022:0592)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0592 advisory. - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of...
CVE-2024-22942
creationtimestamp| type| source
---|---|---
2024-01-11 18:02:37+00:00| seen| https://t.me/ctinow/166688
2024-01-18 19:16:42+00:00| seen| https://t.me/ctinow/169875
2024-01-30 15:51:50+00:00| seen| https://t.me/ctinow/176000
...
CVE-2024-22942
The CVE-2024-22942 entry concerns TOTOLINK A3300R, version 17.0.0cu.557_B20221024. A command injection vulnerability exists in the setWanCfg function via the hostName parameter, due to insufficient input filtering, enabling arbitrary command execution from an attacker with network access. Documen...
CVE-2022-22942
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer...
CVE-2022-22942
CVE-2022-22942 concerns the VMware VMWGFX Linux kernel driver, enabling local privilege escalation due to a dangling file pointer in the driver that can let unprivileged users access files opened by other processes. Affected component: VMware vmwgfx/VGA driver in the kernel. Root cause/impact: lo...
AlmaLinux 8 : kernel (ALSA-2022:0825)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0825 advisory. - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with Syste...
[SECURITY] [DSA 5372-1] rails security update
Debian Security Advisory DSA-5372-1. https://www.debian.org/security/ Aron Xu. March 13, 2023. https://www.debian.org/security/faq ...
K30914425: Linux vulnerabilities CVE-2022-0330 and CVE-2022-22942
Security Advisory Description. CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system...
Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0212)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0212 advisory. - In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway SSG...
CVE-2023-22942
creationtimestamp| type| source
---|---|---
2023-02-14 20:36:01+00:00| seen| https://t.me/cibsecurity/58135
...
CVE-2023-22942
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request...
CVE-2023-22942
In Splunk Enterprise, a cross-site request forgery vulnerability affects the Splunk Secure Gateway (SSG) app via the kvstore_client REST endpoint. Affected versions are below 8.1.13, 8.2.10, and 9.0.4. The issue, described across multiple sources, allows an attacker to update SSG KV store collect...
CVE-2023-22942 Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request...
Metasploit Weekly Wrap-Up
Metasploit 6.3 is out! Earlier this week we announced the release of Metasploit 6.3 which came with a tonne of new modules and improvements. The whole team worked super hard on this and we're very excited that everyone can now get their hands on it and all of the new features it has to offer! I...