6678 matches found

UbuntuCve
added 2022/12/10 1:15 a.m. · 24 views

CVE-2022-23485

Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result...

6.4 CVSS · 6.1 AI score · 0.00308 EPSS
Exploits 0 · References 2
CVE
added 2022/12/10 12:40 a.m. · 101 views

CVE-2022-23485

CVE-2022-23485 affects the Sentry Python library prior to 22.11.0. An attacker with a known valid invite link could manipulate a cookie to reuse the same invite across multiple accounts when joining an organization, enabling creation of multiple users and unauthorized organization membership. The...

6.4 CVSS · 5.2 AI score · 0.00308 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/12/10 12:0 a.m. · 3 views

PT-2022-16019 · Sentry · Sentry

Name of the Vulnerable Software and Affected Versions: Sentry versions prior to 22.11.0
Description: Sentry is an error tracking and performance monitoring platform. An attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple account...

6.4 CVSS · 5.2 AI score · 0.00308 EPSS
Exploits 0 · References 12
NVD
added 2022/12/08 12:15 a.m. · 10 views

CVE-2022-4261

Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide ...

6.5 CVSS · 0.00097 EPSS
Exploits 1 · References 3
Prion
added 2022/12/08 12:15 a.m. · 18 views

Design/Logic Flaw

Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide ...

4 CVSS · 6.3 AI score · 0.00097 EPSS
Exploits 1 · References 3 · Affected Software 2
Positive Technologies
added 2022/12/08 12:0 a.m. · 2 views

PT-2022-36583 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.9.334
Description: The issue concerns the 9p/trans_fd functionality, where it does not always use O_NONBLOCK for read/write operations. This is an automated identification of a potential security issue, but t...

7.3 AI score
Exploits 0 · References 1
Positive Technologies
added 2022/12/08 12:0 a.m. · 2 views

PT-2022-36065 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.9
Description: A memory leak issue exists in the query_regdb_file function related to cfg80211, which is a part of the Linux Kernel's wifi functionality. The actual impact and potential for attack have not...

7.3 AI score
Exploits 0 · References 1
RedhatCVE
added 2022/12/07 6:0 p.m. · 37 views

CVE-2022-3624

A memory leak flaw was found in the Linux kernel IPSec functionality. This issue could allow a local user to crash the system...

3.3 CVSS · 1.9 AI score · 0.00025 EPSS
Exploits 0 · References 4
Cvelist
added 2022/12/07 4:53 p.m. · 16 views

CVE-2022-20687

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities a...

5.3 CVSS · 6.4 AI score · 0.00813 EPSS
Exploits 0 · References 1
OSV
added 2022/12/07 10:15 a.m. · 1 view

CVE-2022-39044

Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and...

6.8 CVSS · 6 AI score · 0.00142 EPSS
Exploits 0 · References 2
NVD
added 2022/12/07 10:15 a.m. · 11 views

CVE-2022-39044

Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and...

6.8 CVSS · 0.00142 EPSS
Exploits 0 · References 2
Prion
added 2022/12/07 10:15 a.m. · 12 views

Denial of service

Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and...

4.7 CVSS · 6.9 AI score · 0.00142 EPSS
Exploits 0 · References 2 · Affected Software 54
Prion
added 2022/12/07 4:15 a.m. · 13 views

Command injection

Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...

6.5 CVSS · 8.5 AI score · 0.00816 EPSS
Exploits 0 · References 2 · Affected Software 3
Positive Technologies
added 2022/12/07 12:0 a.m. · 3 views

PT-2022-26928 · Unknown · Udr-Ja1608 +2

Name of the Vulnerable Software and Affected Versions: UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier
Description: The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. This is due to a...

8.8 CVSS · 8.6 AI score · 0.00816 EPSS
Exploits 0 · References 5
Cvelist
added 2022/12/07 12:0 a.m. · 10 views

CVE-2022-39044

Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and...

7 AI score · 0.00142 EPSS
Exploits 0 · References 2
Talos Blog
added 2022/12/06 4:9 p.m. · 39 views

Vulnerability Spotlight: NVIDIA driver memory corruption vulnerabilities discovered

Piotr Bania of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two memory corruption vulnerabilities in shader functionality of an NVIDIA driver. NVIDIA Graphics drivers are software for NVIDIA Graphics GPU installed on the PC. They are used to communicate between th...

1.5 AI score · 0.00663 EPSS
Exploits 0
Talos
added 2022/12/06 12:0 a.m. · 40 views

NVIDIA D3D10 Driver Shader Functionality MOV instruction memory corruption vulnerability

Talos Vulnerability Report TALOS-2022-1603 NVIDIA D3D10 Driver Shader Functionality MOV instruction memory corruption vulnerability December 6, 2022 CVE Number CVE-2022-34671 SUMMARY A memory corruption vulnerability exists in the Shader Functionality MOV instruction index functionality of NVIDIA...

8.8 CVSS · 8.8 AI score · 0.00663 EPSS
Exploits 0
Talos
added 2022/12/06 12:0 a.m. · 36 views

NVIDIA D3D10 Driver Shader Functionality DCL_INDEXRANGE instruction memory corruption vulnerability

Talos Vulnerability Report TALOS-2022-1604 NVIDIA D3D10 Driver Shader Functionality DCL_INDEXRANGE instruction memory corruption vulnerability December 6, 2022 CVE Number CVE-2022-34671 SUMMARY A memory corruption vulnerability exists in the Shader Functionality DCL_INDEXRANGE instruction...

8.8 CVSS · 8.8 AI score · 0.00663 EPSS
Exploits 0
CNNVD
added 2022/12/05 12:0 a.m. · 1 view

JreCMS Security Vulnerability

JreCMS is a website builder from JreCMS Inc. A security vulnerability exists in JreCMS that stems from some unknown functionality in the component template management...

7.2 CVSS · 6.9 AI score · 0.00429 EPSS
Exploits 1 · References 3
Positive Technologies
added 2022/12/05 12:0 a.m. · 2 views

PT-2022-26598 · Facepay · Facepay

Name of the Vulnerable Software and Affected Versions: Facepay version 1.0
Description: A critical issue has been found in the software, affecting an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the userId argument leads to authorization...

8.8 CVSS · 8.6 AI score · 0.00136 EPSS
Exploits 0 · References 6