527 matches found

NVD
added 2022/06/20 6:15 a.m. | 8 views

CVE-2022-21742

Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services...

CVSS 6.5 | EPSS 0.00139
Exploits: 0 | References: 1

CNVD
added 2022/06/08 12:0 a.m. | 20 views

Afian FileRun SQL Injection Vulnerability (CNVD-2022-68943)

Afian FileRun is a full-featured web-based file manager. A SQL injection vulnerability exists in Afian FileRun version 20220202, which stems from a lack of sanitization of the POST parameter metadata in the /?module=fileman&section=get&page=grid page. An attacker could exploit this vulnerability to cause SQ...

CVSS 8.8 | AI score 5 | EPSS 0.01435
Exploits: 1 | References: 1

NVD
added 2022/04/12 6:15 p.m. | 12 views

CVE-2022-23160

Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. A remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files...

CVSS 5.4 | EPSS 0.00103
Exploits: 0 | References: 1

NVD
added 2022/04/06 7:15 p.m. | 17 views

CVE-2022-20762

A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...

CVSS 7.8 | EPSS 0.00046
Exploits: 0 | References: 1

Cvelist
added 2022/04/06 5:15 p.m. | 10 views

CVE-2022-24822 Denial of Service in @podium/layout and @podium/proxy

Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74,...

CVSS 7.5 | AI score 7.7 | EPSS 0.00834
Exploits: 0 | References: 5

CVE
added 2022/02/18 7:45 p.m. | 69 views

CVE-2021-46602

In Bentley MicroStation CONNECT 10.16.0.80, CVE-2021-46602 is tied to a flaw in 3DS file parsing caused by improper validation of user-supplied data, resulting in a read past the end of an allocated buffer. This can disclose sensitive information and, in combination with other vulnerabilities, en...

CVSS 4.3 | AI score 3.4 | EPSS 0.00489
Exploits: 0 | References: 2 | Affected Software: 3

CNVD
added 2022/02/18 12:0 a.m. | 26 views

Tenda G1 and G3 Buffer Overflow Vulnerability (CNVD-2022-16179)

The Tenda G1 and G3 are routers from the Chinese company Tenda. A buffer overflow vulnerability exists in the Tenda G1 and G3, which can be exploited by an attacker to cause a denial of service via the manualTime parameter...

CVSS 7.8 | AI score 7.5 | EPSS 0.00346
Exploits: 1 | References: 1

Prion
added 2022/02/04 11:15 p.m. | 15 views

Information disclosure

A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged...

CVSS 3.6 | AI score 6.7 | EPSS 0.00106
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/02/01 11:49 a.m. | 12 views

CVE-2022-23597 Remote program execution with user interaction

Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the...

CVSS 8.3 | AI score 9 | EPSS 0.00417
Exploits: 0 | References: 2

Prion
added 2022/01/14 5:15 a.m. | 18 views

Design/Logic Flaw

A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device...

CVSS 2.1 | AI score 4.5 | EPSS 0.00086
Exploits: 3 | References: 3 | Affected Software: 15

CNVD
added 2021/10/27 12:0 a.m. | 28 views

Adobe Animate Use-After-Free Vulnerability (CNVD-2021-84302)

Adobe Animate is a multimedia creation and computer animation program. A use-after-free vulnerability exists in Adobe Animate 21.0.9 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...

CVSS 9.3 | AI score 6.6 | EPSS 0.02329
Exploits: 0 | References: 1

CNVD
added 2021/10/12 12:0 a.m. | 6 views

rConfig chmod Command Insecure Privilege Vulnerability

rConfig is an open source network device configuration management utility. An insecure privilege vulnerability exists in the chmod command in rConfig version 3.9.6. The vulnerability stems from the fact that after installing rConfig, an apache user can execute chmod as root without a password,...

CVSS 9 | AI score 7.3 | EPSS 0.00054
Exploits: 1 | References: 1

Veracode
added 2021/09/24 2:13 a.m. | 12 views

Regular Expression Denial Of Service (ReDoS)

leo is vulnerable to regular expression denial of service. An attacker is able to exploit the vulnerability to crash the system by submitting a maliciously crafted string via the plugins/importers/dart.py...

CVSS 7.5 | AI score 3.6 | EPSS 0.0028
Exploits: 1 | References: 3 | Affected Software: 1

CNVD
added 2021/09/08 12:0 a.m. | 18 views

Google Android Denial of Service Vulnerability (CNVD-2021-78778)

Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Alliance (OHA). A denial-of-service vulnerability exists in the Framework component of Google Android. A remote attacker can exploit this vulnerability to cause a denial of service...

CVSS 5 | AI score 3.5 | EPSS 0.00027
Exploits: 0 | References: 1

Github Security Blog
added 2021/09/01 6:36 p.m. | 23 views

Cross-site Scripting in the yoast_seo TYPO3 extension

The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

CVSS 5.4 | AI score 5.5 | EPSS 0.00308
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2021/08/06 12:0 a.m. | 32 views

Oracle Linux 8 : olcne (ELSA-2021-9396)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9396 advisory. - Address Istio CVE's CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824 istio - Address CVE-2021-28683,...

CVSS 9.8 | AI score 7.1 | EPSS 0.01837
Exploits: 3 | References: 7

NVD
added 2021/08/04 4:15 p.m. | 14 views

CVE-2021-34839

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | EPSS 0.03065
Exploits: 0 | References: 2

CNVD
added 2021/06/08 12:0 a.m. | 4 views

Google Android System Information Disclosure Vulnerability (CNVD-2021-44324)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA). An information disclosure vulnerability exists in the System component of Google Android version 11. An attacker can exploit the vulnerability to cause information...

CVSS 6.5 | AI score 6.3 | EPSS 0.00091
Exploits: 0 | References: 1

NVD
added 2021/06/04 5:15 p.m. | 10 views

CVE-2021-1517

A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerability is due to unsafe handling of shared content within the multimedia viewer feature. An attacker...

CVSS 5 | EPSS 0.00174
Exploits: 0 | References: 1

0day.today
added 2021/06/03 12:0 a.m. | 28 views

Blacknote 2.2.1 - Denial of Service Exploit

Exploit Title: Blacknote 2.2.1 - Denial of Service PoC Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=notepad.note.notas.notes.notizen&hl=esMX Version: 2.2.1 Category: DoS Android Vulnerability BlackNote Bloc de notas is vulnerable to a DoS condition when a...

AI score 7.4
Exploits: 0