Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or...

Remote Code Execution (RCE)

Overview ungit is a version control library. Affected versions of this package are vulnerable to Remote Code Execution RCE via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values remote and ref are passed to the git fetch command. By injecting some gi...

WordPress Go Fetch Jobs (for WP Job Manager) plugin <= 1.7.0.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Go Fetch Jobs for WP Job Manager plugin versions = 1.7.0.3. Solution Update the WordPress Go Fetch Jobs for WP Job Manager for WooCommerce plugin to the latest available version at least 1.7.3.2...

WordPress Go Fetch Jobs (for JobEngine) plugin <= 1.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Go Fetch Jobs for JobEngine plugin versions = 1.0. Solution No patched version available...

WordPress Go Fetch Jobs (for WP Job Manager) plugin <= 1.7.0.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Go Fetch Jobs for WP Job Manager plugin versions = 1.7.0.3. Solution Update the WordPress Go Fetch Jobs for WP Job Manager for WooCommerce plugin to the latest available version at least 1.7.3.2...

WordPress Go Fetch Jobs (for JobEngine) plugin <= 1.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Go Fetch Jobs for JobEngine plugin versions = 1.0. Solution No patched version available...

fetch-yachting.com Cross Site Scripting vulnerability OBB-2383825

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Cab Management System 1.0 Remote Code Execution

Exploit Title: Cab Management System 1.0 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html Version : 1.0 Tested on: windows 10 xammp | Kali...

Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources the fix is available with commit eecb0712.

...

CVE-2021-22041

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

CVE-2021-22041

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

Double free

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

CVE-2021-22041

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

CVE-2021-22041

CVE-2021-22041 is a double-fetch vulnerability in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. The flaw allows a malicious actor with local VM-level administrative privileges to execute code as the VMX process running on the host, via isochronous USB endpoints. Red Hat ...

AZL-41454 CVE-2022-23639 affecting package librsvg2 for versions less than 2.58.1-1

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of i,u64 was always the same as AtomicI,U64. However, the alignment of i,u64 on a...

DEBIAN-CVE-2022-23639

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of i,u64 was always the same as AtomicI,U64. However, the alignment of i,u64 on a...

UBUNTU-CVE-2022-23639

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of i,u64 was always the same as AtomicI,U64. However, the alignment of i,u64 on a...

VMware ESXi 竞争条件问题漏洞

Vmware VMware ESXi is a server virtualization platform from Vmware that can be installed directly on physical servers. A Competing Conditions Issue vulnerability exists in VMware ESXi, which stems from a double fetch vulnerability in the product's UHCI USB controller. A remote user with...

VMSA-2022-0004:VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities

Advisory ID: VMSA-2022-0004 CVSSv3 Range: 5.3-8.4 Issue Date:2022-02-15 Updated On: 2022-02-15 Initial Advisory CVEs: CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050 Synopsis: VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities...

Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch

Description The Authorization header leaks from same hostname https-http redirect. If https://example.com redirects to http://example.com, then an attacker who can listen in on the wire or perform a MITM attack will be able to receive the Authorization header due to the use of the insecure HTTP...