CVE-2022-23968

Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as so...

Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update

Apple continues to put out potential security fires by patching zero-day vulnerabilities, releasing an emergency update this week to patch three more recently discovered in iOS after a major software update in November already fixed three that were being actively exploited. The newly patched bugs...

CVE-2017-2884

An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the...

Design/Logic Flaw

An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the...

Yoggie Pico and Pico Pro Backticks - Remote Code Execution

source: https://www.securityfocus.com/bid/24743/info Yoggie Pico and Pico Pro are prone to a remote code-execution vulnerability because the device fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary code with superuser privileges. A...