Lucene search

522 matches found

CVE
added 2022/08/17 12:0 a.m. · 69 views

CVE-2022-36191

CVE-2022-36191 affects GPAC (gf_isom_dovi_config_get in isomedia/avc_ext.c:2490) where a heap-buffer-overflow could be triggered by MP4Box. The vulnerability is characterized by local attack vector with user interaction (per NVD) and can lead to high impact on availability. The issue has a public...

CVSS 5.5 · AI score 6.2 · EPSS 0.00355
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2022/08/16 12:0 a.m. · 3 views

PT-2022-24302 · Xpdf · Xpdf

Name of the Vulnerable Software and Affected Versions: XPDF (affected versions not specified). Description: A segmentation violation was discovered in XPDF via the DCTStream::readMCURow function at /xpdf/Stream.cc. Recommendations: At the moment, there is no information about a newer version that...

CVSS 5.5 · AI score 5.2 · EPSS 0.00286
Exploits 1 · References 6
BDU FSTEC
added 2022/08/01 12:0 a.m. · 6 views

The vulnerability of the “Main” function in the TOTOLink A860R microcontroller software allows an intruder to execute any command they desire.

The vulnerability of the “Main” function in the TOTOLink A860R microcontroller software is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the QUERYSTRING parameter...

CVSS 10 · AI score 8.2 · EPSS 0.03158
Exploits 1 · References 3 · Affected Software 1
BDU FSTEC
added 2022/08/01 12:0 a.m. · 3 views

The configuration function vulnerability of ASUS RT-AC56U Wi-Fi router software allows a hacker to execute arbitrary code.

The vulnerability of the configuration function of ASUS’ Wi-Fi router software, the RT-AC56U, is caused by a buffer overflow in the dynamic memory. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

CVSS 8.8 · AI score 8.3 · EPSS 0.00554
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2022/07/29 12:0 a.m. · 4 views

The vulnerability of the Main function in the microprogrammed software of TOTOLink T10 allows a hacker to execute arbitrary commands.

The vulnerability of the Main function in the microprogrammed routing software TOTOLink T10 is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the QUERYSTRING parameter...

CVSS 10 · AI score 8.2 · EPSS 0.03158
Exploits 1 · References 3 · Affected Software 1
BDU FSTEC
added 2022/07/29 12:0 a.m. · 6 views

The vulnerability of the “Main” function in the microprogramming software of the TOTOLink A810R router allows an intruder to execute arbitrary commands.

The vulnerability of the “Main” function in the microprogramming software for the TOTOLink A810R router is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the QUERYSTRING parameter...

CVSS 10 · AI score 8.2 · EPSS 0.0322
Exploits 1 · References 3 · Affected Software 1
Prion
added 2022/07/13 4:15 p.m. · 10 views

Integer overflow

WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR...

CVSS 7.5 · AI score 9.7 · EPSS 0.01546
Exploits 0 · References 1 · Affected Software 1
ATTACKERKB
added 2022/07/12 1:57 p.m. · 2 views

CVE-2022-28700

Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin = 2.20.2 at WordPress...

CVSS 9.1 · AI score 7 · EPSS 0.01423
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/07/08 12:15 p.m. · 2 views

CVE-2022-32115

An issue in the isSVG function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file...

CVSS 6.1 · AI score 6.1 · EPSS 0.01003
Exploits 1 · References 3
BDU FSTEC
added 2022/07/06 12:0 a.m. · 5 views

The vulnerability in the implementation of the util.printf() function allows attackers to execute arbitrary code in PDF viewer and editor applications like Adobe Reader and Adobe Acrobat.

The vulnerability of the util.printf function in PDF viewing and editing applications like Adobe Reader and Adobe Acrobat arises from the execution of operations outside of the buffer in memory, due to improper parameter checking. Exploiting this vulnerability allows a malicious actor to execute...

CVSS 9.6 · AI score 8.4 · EPSS 0.98463
Exploits 19 · References 26 · Affected Software 4
Huntr
added 2022/06/27 7:56 a.m. · 18 views

Out-of-bound write in function parse_command_modifiers

Description: Out-of-bounds write in function parse_command_modifiers at ex_docmd.c:3123. Version: commit c101abff4c6756db4f5e740fde289decb9452efa HEAD - master, tag: v8.2.5164. Proof of Concept: guest@elk:/trung$ ./vim3/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc/poc4min -c :qa!...

CVSS 6.8 · AI score 7.6 · EPSS 0.01155
Exploits 1
BDU FSTEC
added 2022/05/23 12:0 a.m. · 4 views

The vulnerability of the recovery function of the ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Endpoint Antivirus, ESET Endpoint Security, ESET Server Security for Microsoft Windows Server, ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, and ESET Security for Microsoft SharePoint Server allows a perpetrator to execute arbitrary code.

The vulnerability of the recovery function of the ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Endpoint Antivirus, ESET Endpoint Security, ESET Server Security for Microsoft Windows Server, ESET File Security for Microsoft Windows Server, ESET Mail Security for...

CVSS 7.3 · AI score 7.5 · EPSS 0.002
Exploits 0 · References 2 · Affected Software 10
ATTACKERKB
added 2022/05/13 8:0 p.m. · 2 views

CVE-2022-25862

This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. Note: This vulnerability derives from an incomplete fix to CVE-2020-7618...

CVSS 7.5 · AI score 6.4 · EPSS 0.01114
Exploits 2 · References 3
UbuntuCve
added 2022/05/12 4:15 p.m. · 34 views

CVE-2022-28919

HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function generateFilename...

CVSS 6.1 · AI score 6.3 · EPSS 0.01383
Exploits 1 · References 3
NVD
added 2022/05/02 2:15 p.m. · 32 views

CVE-2022-28056

ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php...

CVSS 9.8 · EPSS 0.01323
Exploits 1 · References 1
OSV
added 2022/04/25 1:15 p.m. · 30 views

CVE-2022-28506

There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB in gif2rgb.c:298:45...

CVSS 5.5 · AI score 2.5
Exploits 0 · References 5
Code423n4
added 2022/04/13 12:0 a.m. · 10 views

setDebtInterestApr() doesn't accrue interest before changing it

Vulnerability details. Impact: Wrong interest can be charged if interest is changed without calling accrue. Proof of Concept: The function setDebtInterestApr updates the interest charged on debt without first calling accrue to compute previous interest. If someone takes debt at 2% and...

AI score 6.9
Exploits 0
VulnCheck KEV
added 2022/04/01 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2022-25079

TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 · AI score 7.5 · EPSS 0.0322
Exploits 1 · References 1
ATTACKERKB
added 2022/02/11 9:15 p.m. · 5 views

CVE-2021-46365

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file...

CVSS 7.8 · AI score 7.3 · EPSS 0.01642
Exploits 1 · References 3
CNNVD
added 2022/02/08 12:0 a.m. · 4 views

ELECOM LAN security vulnerability

ELECOM lan is a router from ELECOM Japan. A security vulnerability exists in ELECOM LAN routers that stems from a hidden function vulnerability in ELECOM LAN routers. The vulnerability can be exploited by an attacker to execute arbitrary operating system commands over an unspecified vector on a...

CVSS 8.8 · AI score 8.3 · EPSS 0.0044
Exploits 0 · References 5