CVE-2022-20345

In l2cbleprocesssigcmd of l2cble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12...

CVE-2022-30580 Empty Cmd.Path can trigger unintended binary in os/exec on Windows

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...

GO-2022-0190 Directory traversal via "go get" command in cmd/go

The "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly brace both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode the distinction is documented at...

CVE-2022-31179 Insufficient escaping of line feeds for CMD in shescape

Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on windows. This impacts users that use Shescape any API function to escape arguments for cmd.exe on Windows An attacker can omit all arguments following their input by...

Fedora: Security Advisory for golang-x-perf (FEDORA-2022-5038c3236c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-31208

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmdstring URL parameter...

[SECURITY] Fedora 35 Update: golang-x-perf-0-0.15.20210123gitbdcc622.fc35

This package holds the source for various tools related to performance measurement, storage, and analysis. - cmd/benchstat contains a command-line tool that computes and 7 compares statistics about benchmarks. - cmd/benchsave contains a command-line tool for publishing benchmark results. - storag...

EulerOS 2.0 SP5 : golang (EulerOS-SA-2022-1890)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to...

grub2: use-after-free in grub_cmd_chainloader()

A use-after-free vulnerability was found on grub2's chainloader command. This flaw allows an attacker to gain access to restricted data or cause arbitrary code execution if they can establish control from grub's memory allocation pattern...

EulerOS 2.0 SP9 : golang (EulerOS-SA-2022-1865)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption...

CVE-2022-31846

A vulnerability in livemfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function...

CVE-2022-31845

A vulnerability in livecheck.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function...

Information disclosure

A vulnerability in livemfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function...

Design/Logic Flaw

A vulnerability in livecheck.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function...

Information disclosure

A vulnerability in livemfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function...

CVE-2022-31846

WAVLINK WN535 G3 M35G3R.V5030.180927 is affected by CVE-2022-31846 in the live_mfg.shtml page. Nuclei templates document a information-disclosure vulnerability where an attacker can obtain sensitive router information by triggering the exec cmd function, potentially exposing configuration details...

CVE-2022-31846

A vulnerability in livemfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function...

CVE-2022-31845

A vulnerability in livecheck.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function...

CVE-2022-31308

A vulnerability in livemfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function...

CVE-2022-30909

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm...