CVE-2022-36042 Rizin Out-of-bounds Write vulnerability in dyld cache binary plugin

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to execu...

mariadb: lack of validating the existence of an object prior to performing operations on the object

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

CVE-2022-37172

Incorrect access control in the install directory C:\msys64 of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory...

USN-5581-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the contents of the addressbar, bypass security restrictions, or execute arbitrary code...

Vulnerability fixed in VMWare Tools

VMWare has fixed a vulnerability in VMWare Tools. A malicious person with user privileges in a virtual machine VM can exploit the vulnerability to grant himself elevated privileges and execute code with local administrator privileges in the vulnerable virtual machine. As far as is known, the...

D-Link DIR-816 Buffer Overflow Vulnerability

The D-Link DIR-816 is a wireless router from AUO D-Link of Taiwan, China. A buffer overflow vulnerability exists in the mirrored version of the D-link DIR-816 firmware A2v1.10CNB04.img. The vulnerability stems from the fact that when the wantype of its /goform/form2Wan.cgi component is 3, the...

Apple iOS and macOS Out-of-Bounds Write Vulnerability

Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges...

CVE-2022-32292

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in receiveddata to execute code...

CVE-2022-32292

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in receiveddata to execute code...

CVE-2022-32292

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in receiveddata to execute code...

CVE-2022-36197

BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file...

Design/Logic Flaw

Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file...

Code injection

IBM CICS TX 11.1 could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. IBM X-Force ID: 229312...

CVE-2022-33955

IBM CICS TX 11.1 could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. IBM X-Force ID: 229312...

CVE-2022-35222

HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service...

CVE-2022-35217

The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or...

CVE-2022-2138

The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition...

CVE-2022-20873

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

Cisco Small Business 操作系统命令注入漏洞

Cisco Small Business is a switch from Cisco USA. A security vulnerability in the Cisco Small Business RV110W, RV130, RV130W, and RV215W routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to unexpectedly reboot, resulting in a...

CVE-2022-28809

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading a DWG file with an invalid vertex number in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process...