CVE-2022-31898

CVE-2022-31898 affects GL.iNet GL-MT300N-V2 Mango (v3.212) and GL-AX1800 Flint (v3.214). The issue is described as multiple command-injection vulnerabilities exploitable via the ping_addr and trace_addr parameters. Reported impact in the CVE metrics indicates high confidentiality, integrity, and ...

PT-2022-26225 · Gl.Inet · Gl.Inet Goodcloud Iot Device Management System

Name of the Vulnerable Software and Affected Versions: GL.iNet GoodCloud IoT Device Management System version 1.00.220412.00 Description: The issue concerns command injection vulnerabilities in the ping and traceroute tools of the system, allowing attackers to read arbitrary files on the system...

PT-2022-20978 · Gl.Inet · Gl-Inet Gl-Ax1800 Flint +1

Name of the Vulnerable Software and Affected Versions: gl-inet GL-MT300N-V2 Mango version 3.212 gl-inet GL-AX1800 Flint version 3.214 Description: The issue concerns command injection vulnerabilities. These vulnerabilities can be exploited via the ping addr and trace addr function parameters...

UBUNTU-CVE-2022-3567

A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6streamops/inet6dgramops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the...

CVE-2022-20141

In ipcheckmcrcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

Design/Logic Flaw

In ipcheckmcrcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2022-20141

In ipcheckmcrcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

UBUNTU-CVE-2022-20141

In ipcheckmcrcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2022-20141

In ipcheckmcrcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

ASB-A-112551163

In ipcheckmcrcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation...

inet-sochi.ru Cross Site Scripting vulnerability OBB-2618793

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

PT-2022-4538 · General Electric · Inet +4

Name of the Vulnerable Software and Affected Versions: General Electric Renewable Energy iNET versions prior to 8.3.0 General Electric Renewable Energy iNET II versions prior to 8.3.0 General Electric Renewable Energy SD versions prior to 6.4.7 General Electric Renewable Energy TD220X versions...

PT-2023-5341 · Glibc +9 · Glibc +9

Name of the Vulnerable Software and Affected Versions: glibc affected versions not specified Description: A flaw was found in glibc, where the gaih inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is...

Europol Shuts Down VPNLab, Cybercriminals' Favourite VPN Service

VPNLab.net, a VPN provider that was used by malicious actors to deploy ransomware and facilitate other cybercrimes, was taken offline following a coordinated law enforcement operation. Europol said it took action against the misuse of the VPN service by grounding 15 of its servers on January 17 a...

GSD-2021-1002822 inet: fully convert sk->sk_rx_dst to RCU rules

inet: fully convert sk-skrxdst to RCU rules This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.12 by commit...

CVE-2021-44148

GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/routercgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name...

PT-2021-1504 · Google +6 · Android Kernel +6

Name of the Vulnerable Software and Affected Versions: Android kernel versions affected versions not specified Description: The issue is related to the implementation of the ip check mc rcu function in the Inet Sockets component of the Android kernel, which involves the use of memory after it has...

Four Plead Guilty to Aiding Cyber Criminals with Bulletproof Hosting

Four Eastern European nationals face 20 years in prison for Racketeer Influenced Corrupt Organization RICO charges after pleading guilty to providing bulletproof hosting services between 2008 and 2015, which were used by cybercriminals to distribute malware to financial entities across the U.S. T...

CVE-2020-28150

I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifies a link to an external site, and uses the user supplied data in a Redirect...

DEBIAN-CVE-2021-21315

The System Information Library for Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. ...