CVE-2022-3990

HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation...

Update your LearnPress plugins now!

Its time for a reminder to ensure all of your WordPress plugins are fully up to date or removed, if you don't need them. Bleeping Computer reports that as many as 75,000 WordPress sites may be open to several flaws in a plugin called LearnPress. Worse, the update tally for users of the plugin isn...

How to add all VDA logon user accounts in "Direct Access Users" group automatically

Add all user accounts in "Direct Access Users" group automatically...

CVE-2022-48072

Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function...

CVE-2022-48070

Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function...

CVE-2022-48070

Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function...

Command injection

Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function...

Command injection

Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function...

CVE-2022-48070

Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function...

PHICOMM K2G A1 操作系统命令注入漏洞

The PHICOMM K2G A1 is a dual-band Gigabit wireless WiFi router from PHICOMM, China. A security vulnerability exists in the PHICOMM K2G A1 version v22.6.534.263, which stems from the operation of the autoUpTime parameter of its automatic upgrade feature that allows an attacker to implement command...

CVE-2022-48070

Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function...

CVE-2022-48070

Phicomm K2 devices (v22.6.534.263) are affected by CVE-2022-48070, a command‑injection vulnerability in the automatic upgrade function exposed via the autoUpTime parameter. The issue is rooted in the upgrade mechanism allowing arbitrary command execution with local attacker access and low privile...

CVE-2022-48072

Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function...

CVE-2022-48072

Phicomm K2G v22.6.3.20 is affected by a command injection vulnerability in the automatic upgrade function, exploitable via the autoUpTime parameter. The root cause is improper handling of input in the upgrade process, allowing arbitrary commands to be executed with the device’s privileges. CVSSv3...

CVE-2023-20921

In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

CVE-2022-20494

In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11...

CVE-2022-20492

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

PT-2023-12646 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13 Description: The issue is related to a possible failure to persist permissions settings due to resource exhaustion in the AutomaticZenRule of AutomaticZenRule.java. This could lead to local...

PT-2023-17712 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13 Description: A logic error in the code of AccessibilityManagerService.java allows for the automatic granting of accessibility services, potentially leading to local escalation of privilege withou...

PT-2023-12655 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13 Description: The issue is related to a possible persistent denial of service DoS due to resource exhaustion in the AutomaticZenRule of AutomaticZenRule.java. This could lead to a local denial of...