18 matches found
CVE-2022-28436
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php=display=Hide=...
D-Link Multiple DAP Devices XSS Vulnerability (Apr 2024)
Multiple D-Link DAP devices are prone to a cross-site scripting (XSS) vulnerability.
CVE-2024-28436
Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2590, DAP-2690, DAP-2695, DAP-3520, DAP-3662 allows a remote attacker to execute arbitrary code via the reload parameter in the sessionlogin.php component...
CVE-2024-28436
CVE-2024-28436 affects multiple D-Link DAP devices (DAP-2230, DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2590, DAP-2690, DAP-2695, DAP-3520, DAP-3662). The issue is a Cross Site Scripting vulnerability in the session_login.php component, exploitable via the reload parameter to potentially execut...
CVE-2023-28436
Tailscale is software for using WireGuard and multi-factor authentication (MFA). A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in...
CVE-2023-28436
CVE-2023-28436 affects Tailscale SSH on FreeBSD prior to 1.38.2. A difference in FreeBSD’s setgroups behavior caused the tailscaled egid to be used instead of the user’s, permitting some commands to run with a higher privilege group ID than allowed by Tailscale SSH access rules, under specific co...
CVE-2023-28436 Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process
Tailscale is software for using WireGuard and multi-factor authentication (MFA). A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in...
FreeBSD : tailscale -- security vulnerability in Tailscale SSH (1b15a554-c981-11ed-bb39-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1b15a554-c981-11ed-bb39-901b0e9408dc advisory. - Tailscale team reports: A vulnerability identified in the implementation of Tailscale SSH in FreeBSD...
chewb-server (>=0.0.1 <=0.0.20), video-dash-uploader (>=0.0.1 <=0.0.4) +1 more potentially affected by CVE-2020-28436 via google-cloudstorage-commands (=0.0.1)
google-cloudstorage-commands NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on google-cloudstorage-commands and may be impacted: - chewb-server =0.0.1, =0.0.1, =0.0.1, =0.0.2 Source cves: CVE-2020-28436 Source advisory:...
CVE-2020-28436 Command Injection
This affects all versions of package google-cloudstorage-commands...
CVE-2020-28436
The CVE-2020-28436 entry concerns a Command Injection vulnerability in the npm package google-cloudstorage-commands. Affected software: all versions of google-cloudstorage-commands. Reported impact from connected sources indicates that attacker-controlled input can influence shell execution via t...
CVE-2022-28436
creationtimestamp | type | source
---|---|---
2022-04-22 00:27:24+00:00 | seen | https://t.me/cibsecurity/41277...
CVE-2022-28436
Summary: CVE-2022-28436 affects Baby Care System v1.0 with a SQL injection in the admin/uesrs.php endpoint via the userid parameter (/* action=display, value=Hide /). The root cause is lack of input validation for the userid parameter, enabling SQL commands to be injected and potentially exfiltra...
CVE-2021-28436
Windows Speech Runtime Elevation of Privilege Vulnerability...
CVE-2021-28436
CVE-2021-28436 is a Windows Speech Runtime elevation-of-privilege vulnerability with local attack vector and no user interaction required (CVSSv3.1: base score 7.8, HIGH). Affected component is the Speech Runtime in Windows; underlying root-cause and exact exploit details are not spelled out in t...
KB5001342: Windows 10 version 1809 / Windows Server 2019 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Win32k Elevation of Privilege Vulnerability CVE-2021-27072, CVE-2021-28310 - Windows Media Photo Codec Information Disclosure Vulnerability CVE-2021-27079 - Windows Event Tracing Elevati...
KB5001347: Windows 10 version 1607 / Windows Server 2016 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Win32k Elevation of Privilege Vulnerability CVE-2021-27072 - Windows Media Photo Codec Information Disclosure Vulnerability CVE-2021-27079 - Microsoft Internet Messaging API Remote Code...
chewb-server (>=0.0.1 <=0.0.20), video-dash-uploader (>=0.0.1 <=0.0.4) +1 more potentially affected by CVE-2020-28436 via google-cloudstorage-commands (=0.0.1)
google-cloudstorage-commands NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on google-cloudstorage-commands and may be impacted: - chewb-server =0.0.1, =0.0.1, =0.0.1, =0.0.2 Source cves: CVE-2020-28436 Source advisory:...