744 matches found
PT-2022-27155 · Totolink · Totolink Lr350
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369 B20220309 Description: The issue is a post-authentication buffer overflow that occurs via the lang parameter in the setLanguageCfg function. This allows for potential exploitation after authentication has be...
PT-2022-27159 · Totolink · Totolink Lr350
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369 B20220309 Description: The issue is a post-authentication buffer overflow that occurs via the sPort/ePort parameter in the setIpPortFilterRules function. This allows for potential exploitation after...
PT-2022-27153 · Totolink · Totolink Lr350
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369 B20220309 Description: The issue is a post-authentication buffer overflow that occurs via the text parameter in the setSmsCfg function. This allows for potential exploitation after authentication has been...
PT-2022-27156 · Totolink · Totolink Lr350
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369 B20220309 Description: The issue is a post-authentication buffer overflow that occurs via the pppoeUser parameter in the setOpModeCfg function. This allows for potential exploitation after authentication has...
PT-2022-27152 · Totolink · Totolink Lr350
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369 B20220309 Description: The issue is a post-authentication buffer overflow that occurs via the ip parameter in the setDiagnosisCfg function. This allows for potential exploitation after authentication has bee...
CVE-2022-44258
CVE-2022-44258 affects TOTOLINK LR350 devices (example: V9.3.5u.6369_B20220309). The root cause is a post-authentication buffer overflow in the setTracerouteCfg function triggered by a crafted parameter command. Impact is described as high for confidentiality, integrity, and availability under CV...
CVE-2022-44253
TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function...
CVE-2022-44253
CVE-2022-44253 affects TOTOLINK LR350 (version 9.3.5u.6369_B20220309). A post-authentication buffer overflow is triggered via the ip parameter in the setDiagnosisCfg function, with potential for remote code execution as indicated by multiple sources. The NVD/NIST entry rates impact as high (CVSS ...
CVE-2022-44260
CVE-2022-44260 affects TOTOLINK LR350 firmware 9.3.5u.6369_B20220309. The issue is a post-authentication buffer overflow in the setIpPortFilterRules function exploited via the sPort/ePort parameters, enabling remote code execution as described in multiple sources. The CVSS vector indicates networ...
CVE-2022-44259
TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function...
CVE-2022-44254
CVE-2022-44254 affects TOTOLINK LR350, specifically firmware version 9.3.5u.6369_B20220309. The vulnerability is a post-authentication buffer overflow in the setSmsCfg function, triggered via the text parameter, which can lead to remote code execution as described in multiple sources. Some docume...
CVE-2022-35698
Adobe Commerce versions 2.4.4-p1 and earlier and 2.4.5 and earlier are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution...
Cross site scripting
Adobe Commerce versions 2.4.4-p1 and earlier and 2.4.5 and earlier are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution...
CVE-2022-20401
In SAEMMRetrievEPLMNList of SAEMMContextManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post-authentication with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
Out-of-bounds
In SAEMMRetrievEPLMNList of SAEMMContextManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post-authentication with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-20401
In SAEMMRetrievEPLMNList of SAEMMContextManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post-authentication with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
Privilege Escalation
github.com/fleetdm/fleet is vulnerable to privilege escalation. A premium users with access to the team features are facing post-authentication authorization leading to insecure access control. This vulnerability does not affect fleet instances without teams, or with teams but without restricted...
CVE-2022-22279
A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access SRA products and older firmware versions of Secure Mobile Access SMA 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access...
CVE-2022-22279
A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access SRA products and older firmware versions of Secure Mobile Access SMA 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access...
CVE-2022-22279
A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access SRA products and older firmware versions of Secure Mobile Access SMA 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access...