TotoLink EX300 命令注入漏洞

TotoLink EX300 is a 300 Mbps wireless N range extender from TotoLink China.TotoLink EX300v2 V4.0.3c.140B20210429 version has a command injection vulnerability, which can be exploited by attackers to remotely execute code as root via MitM attack...

TotoLink EX300 命令注入漏洞

TotoLink EX300 is a 300 Mbps wireless N range extender from TotoLink China.TotoLink EX300v2 V4.0.3c.140B20210429 is vulnerable to command injection, which can be exploited by unauthenticated attackers to remotely execute code as root via MitM attack...

NETGEAR R6700v3 Information Disclosure Vulnerability

NETGEAR R6700v3 is the Nighthawk AC1750 Smart Dual Band Gigabit Router from Netgear USA. The NETGEAR R6700v3 suffers from an information disclosure vulnerability that stems from a specific flaw in the httpd service, where string matching logic is incorrect when accessing a protected page. An...

NETGEAR R6700v3 授权问题漏洞

The NETGEAR R6700v3 is a router from NETGEAR. A hardware device that connects two or more networks and acts as a gateway between networks. An authorization issue vulnerability exists in NETGEAR R6700v3 version 1.0.4.12010.0.91. An attacker can exploit this vulnerability to trigger a fixed-length...

Netatalk 安全漏洞

Netatalk is open source software that provides AFP file server functionality for Classic Mac OS and macOS on Unix-like OS. A security vulnerability exists in Netatalk that stems from a failure to properly validate the length of user-supplied data before copying it to a fixed-length stack-based...

CRI-O: Arbitrary code execution in cri-o via abusing “kernel.core_pattern” kernel parameter

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deploy...

UBUNTU-CVE-2022-23123

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of...

UBUNTU-CVE-2022-23124

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getfinderinfo method. The issue results from the lack of proper validation of...

PT-2022-15867 · Netatalk +3 · Netatalk +3

Name of the Vulnerable Software and Affected Versions: Netatalk affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this issue. The specific flaw exists...

PT-2022-15868 · Netatalk +3 · Netatalk +3

Name of the Vulnerable Software and Affected Versions: Netatalk affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this issue. The specific flaw exists...

AZL-37070 CVE-2022-0811 affecting package cri-o for versions less than 1.22.3-1

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deploy...

Bug fixes in Cisco NX-OS

Cisco has fixed several vulnerabilities in NX-OS for various platforms. A malicious party could exploit the vulnerabilities to cause a denial-of-service or, in specific configurations, execute arbitrary code with root privileges. No prior authentication is necessary. The vulnerable services, Cisc...

CVE-2022-24354

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.591035553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The...

CVE-2022-24354

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.591035553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The...

CVE-2022-24046

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 S2 systems and 11.2.13 build 57923290 S1 systems. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anacapd...

Sonos One Speaker 缓冲区错误漏洞

Sonos One Speaker is a smart speaker by Sonos, Inc. Sonos One Speaker suffers from a buffer error vulnerability that stems from a lack of proper validation of the length of user-supplied data before copying it into a stack-based buffer. An attacker could use this vulnerability to execute code in...

Sonos One Speaker 数字错误漏洞

Sonos One Speaker is a smart speaker from Sonos USA. The Sonos One Speaker suffers from a numeric error vulnerability that stems from a lack of proper validation of user-supplied data, which could result in an integer underflow before writing to memory. An attacker can exploit this vulnerability ...

TP-LINK AC1750 缓冲区错误漏洞

The TP-LINK AC1750 is a wireless router from China P&L TP-LINK. A buffer error vulnerability exists in the TP-Link AC1750 version 1.1.4 Build 20211022 rel.59103, which stems from a lack of proper validation of user-supplied data, which could result in reading beyond the end of an allocated buffer...

Tp-link TP-Link TL-WR940N 安全漏洞

Tp-link TP-Link TL-WR940N is a wireless router from China P&L Tp-link. The TP-Link TL-WR940N suffers from a buffer overflow vulnerability that stems from a lack of proper validation of the length of user-supplied data before copying it into a fixed-length stack-based buffer. An attacker could...

USN-5260-3 samba vulnerability

USN-5260-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Orange Tsai discovered that the Samba vfsfruit module incorrectly handled certain memory operations. A remote attacker could use this issu...