7820 matches found
CVE-2022-35407
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the...
Stack overflow
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the...
CVE-2022-35407
The CVE concerns InsydeH2O’s SetupUtility driver on Intel platforms, affected versions 5.0–5.5. A stack buffer overflow from handling two UEFI variables allows arbitrary code execution when the second variable exceeds the first, enabling modification of certain UEFI variables. Impact is local, wi...
GHSA-QCCM-WMCQ-PWR6 Tailscale daemon is vulnerable to information disclosure via CSRF
A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. Affected platforms: All. Patched Tailscale client versions: v1.32.3 or later, v1.33.257 or later (unstable). What happened? In the...
Tailscale daemon is vulnerable to information disclosure via CSRF
A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. Affected platforms: All. Patched Tailscale client versions: v1.32.3 or later, v1.33.257 or later (unstable). What happened? In the...
CVE-2022-35897
A stack buffer overflow vulnerability leading to arbitrary code execution was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally...
Stack overflow
A stack buffer overflow vulnerability leading to arbitrary code execution was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally...
tailscale -- Security vulnerability in the client
Tailscale team reports: A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables...
PT-2022-26155 · Tailscale · Tailscale Client
Name of the Vulnerable Software and Affected Versions: Tailscale client versions prior to v1.32.3. Description: A vulnerability in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. The peer API was vulnerable t...
PT-2022-23005 · Insyde · Insydeh2O
Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O with kernel 5.0 through 5.5. Description: A stack buffer overflow issue leads to arbitrary code execution when specific UEFI variables are modified. Normally, these variables are locked at the OS level, requiring an attacker t...
SUSE SLED15 / SLES15 Security Update : go1.19 (SUSE-SU-2022:4054-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4054-1 advisory. - Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In...
WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables
Overview: WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera accepts untrusted external inputs to update certain internal variables (CWE-454). Tsubasa Iinuma of Origami Systems reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
WordPress plugin Popular Posts security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2022-36785
D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A. The window.location.href = "http://192.168.1.1/setupWizard.asp"; "admin" – contains defaul...
SUSE-SU-2022:4055-1 Security update for go1.18
This update for go1.18 fixes the following issues: Update to go 1.18.8 released 2022-11-01 bsc1193742: Security fixes: - CVE-2022-41716: Fixed unsanitized NUL in environment variables in syscalls, os/exec go56327 bsc1204941. Bugfixes: - runtime: 'lock count' fatal error when cgo is enabled go56308...
CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...