PT-2022-5529 · D Link · D-Link Dir-1935

Name of the Vulnerable Software and Affected Versions: D-Link DIR-1935 version 1.03 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can b...

PT-2022-5480 · Tp Link · Tp-Link Tl-Wr841N

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR841N versions TL-WR841NUS V14 220121 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Although authentication is required to exploit this...

CVE-2022-34892

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVE-2022-34891

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVE-2022-34901

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 39316 Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists...

CVE-2022-34892

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

UBUNTU-CVE-2022-2320

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker...

PT-2022-5537 · D Link · D-Link Dir-1935

Name of the Vulnerable Software and Affected Versions: D-Link DIR-1935 version 1.03 Description: The issue is related to the handling of SetWebFilterSetting requests in the web management portal of D-Link DIR-1935 routers. Specifically, when parsing the WebFilterURLs element, the process does not...

UBUNTU-CVE-2021-3899

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root...

CVE-2022-30234

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...

PT-2022-13923 · Hestiacp · Hestiacp

Name of the Vulnerable Software and Affected Versions: hestiacp/hestiacp versions prior to 1.5.12 Description: The issue allows an authenticated remote attacker with low privileges to execute arbitrary code under root context. This is due to a command injection vulnerability in the GitHub...

TotoLink EX300 命令注入漏洞

TotoLink EX300 is a 300 Mbps wireless N range extender from TotoLink China.TotoLink EX300v2 V4.0.3c.140B20210429 version has a command injection vulnerability, which can be exploited by attackers to remotely execute code as root via MitM attack...

TotoLink EX300 命令注入漏洞

TotoLink EX300 is a 300 Mbps wireless N range extender from TotoLink China.TotoLink EX300v2 V4.0.3c.140B20210429 is vulnerable to command injection, which can be exploited by unauthenticated attackers to remotely execute code as root via MitM attack...

NETGEAR R6700v3 Information Disclosure Vulnerability

NETGEAR R6700v3 is the Nighthawk AC1750 Smart Dual Band Gigabit Router from Netgear USA. The NETGEAR R6700v3 suffers from an information disclosure vulnerability that stems from a specific flaw in the httpd service, where string matching logic is incorrect when accessing a protected page. An...

Netatalk 安全漏洞

Netatalk is open source software that provides AFP file server functionality for Classic Mac OS and macOS on Unix-like OS. A security vulnerability exists in Netatalk that stems from a failure to properly validate the length of user-supplied data before copying it to a fixed-length stack-based...

NETGEAR R6700v3 授权问题漏洞

The NETGEAR R6700v3 is a router from NETGEAR. A hardware device that connects two or more networks and acts as a gateway between networks. An authorization issue vulnerability exists in NETGEAR R6700v3 version 1.0.4.12010.0.91. An attacker can exploit this vulnerability to trigger a fixed-length...

CRI-O: Arbitrary code execution in cri-o via abusing “kernel.core_pattern” kernel parameter

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deploy...

UBUNTU-CVE-2022-23123

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of...

UBUNTU-CVE-2022-23124

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getfinderinfo method. The issue results from the lack of proper validation of...

PT-2022-15868 · Netatalk +3 · Netatalk +3

Name of the Vulnerable Software and Affected Versions: Netatalk affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this issue. The specific flaw exists...