19 matches found
CVE-2021-35220
Command Injection vulnerability in the EmailWebPage API which can lead to Remote Code Execution (RCE) from the Alerts Settings page...
CVE-2020-35220
creationtimestamp | type | source
---|---|---
2024-10-09 19:00:25+00:00 | seen | https://t.me/CyberSecurityTechnologies/2861...
CVE-2024-35220 @fastify/session reuses destroyed session cookie
@fastify/session is a session plugin for fastify. Requires the @fastify/cookie plugin. When restoring the cookie from the session store, the expires field is overridden if the maxAge field was set. This means a cookie is never correctly detected as expired and thus expired sessions are not...
One Speaker Input Validation Error Vulnerability
Sonos One Speaker is a Smart Speaker from Sonos, USA. An input validation error vulnerability exists in Sonos One Speaker version 70.3-35220, which stems from a lack of proper validation of user-supplied data, and can be exploited by an attacker to execute arbitrary code in a rooted context...
Sonos One Speaker Security Vulnerability
Sonos One Speaker is a smart speaker from Sonos USA. A security vulnerability exists in Sonos One Speaker version 70.3-35220, which stems from a failure to properly validate the length of user-supplied data. An attacker could exploit the vulnerability to execute code in a rooted environment...
Sonos One Speaker Resource Management Error Vulnerability
Sonos One Speaker is a Smart Speaker from Sonos, USA. Sonos One Speaker version 70.3-35220 suffers from a resource management error vulnerability that stems from not verifying the existence of an object before performing an operation on it, which can be exploited by an attacker to execute code in...
Sonos One Speaker Buffer Error Vulnerability
Sonos One Speaker is a smart speaker from Sonos USA. Sonos One Speaker version 70.3-35220 suffers from a buffer error vulnerability that stems from a lack of proper validation of user-supplied data, which could result in a read beyond the end of the allocated buffer, which could be exploited by a...
PT-2023-21077 · Sonos · Sonos One Speaker
Name of the Vulnerable Software and Affected Versions: Sonos One Speaker version 70.3-35220 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the...
PT-2023-21075 · Sonos · Sonos One Speaker
Name of the Vulnerable Software and Affected Versions: Sonos One Speaker version 70.3-35220 Description: This issue allows network-adjacent attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within...
PT-2023-21074 · Sonos · Sonos One Speaker
Name of the Vulnerable Software and Affected Versions: Sonos One Speaker version 70.3-35220 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the...
CVE-2022-35220
creationtimestamp | type | source
---|---|---
2022-08-02 20:18:18+00:00 | seen | https://t.me/cibsecurity/47422...
CVE-2022-35220
Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttling’ vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal terminati...
CVE-2022-35220
CVE-2022-35220 affects Teamplus Pro, specifically the Community Discussion feature. A remote attacker with general user privileges can post a thread with large content, triggering an allocation of resources without limits or throttling and causing memory exhaustion on the receiving client, potent...
CVE-2021-35220
creationtimestamp | type | source
---|---|---
2021-08-31 16:33:27+00:00 | seen | https://t.me/cibsecurity/28079...
CVE-2021-35220
SolarWinds Orion Platform 2020.2.0 before 2020.2.6 HF1 is affected by CVE-2021-35220 (EmailWebPage API command injection). An authenticated remote attacker could exploit this via the Alerts Settings page to achieve Remote Code Execution. Remediation: upgrade to 2020.2.6 HF1 or later; apply vendor...
CVE-2021-35220 EmailWebPage Command Injection RCE
Command Injection vulnerability in the EmailWebPage API which can lead to Remote Code Execution (RCE) from the Alerts Settings page...
CVE-2020-35220
CVE-2020-35220 is a reservation duplicate of CVE-2020-35801. Public details identify NETGEAR JGS516PE/GS116Ev2 (and related models) with an active-by-default TFTP server vulnerability that allows remote authenticated firmware updates; affected versions are prior to 2.6.0.48. Remediation is to upg...
CVE-2020-35220
...