SKYLARK HOLDINGS CO., LTD. Security Vulnerabilities

cve

CVE-2022-42780

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2022-12-06 07:15 AM
27
cve

CVE-2022-42771

In wlan driver, there is a race condition. This could lead to local denial of service in wlan...

4.7CVSS

4.6AI Score

0.0004EPSS

2022-12-06 07:15 AM
36
cve

CVE-2022-42766

In wlan driver, there is a possible missing permission check. This could lead to local information...

5.5CVSS

5.1AI Score

0.0004EPSS

2022-12-06 07:15 AM
21
cnvd

Command Execution Vulnerability in Black Shield Network Security Audit System of Fujian Strait Information Technology Co. Ltd (CNVD-2023-81307)

Fujian Strait Information Technology Co., Ltd. is one of the earliest companies in China specializing in independent research and development of network security, product sales and security services. A command execution vulnerability exists in the BlackShield Network Security Audit System of...

7.6AI Score

2023-09-18 12:00 AM
6
cve

CVE-2022-44429

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2023-01-04 10:15 AM
33
cve

CVE-2022-44430

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2023-01-04 10:15 AM
24
cve

CVE-2022-44421

In wlan driver, there is a possible missing permission check. This could lead to local information...

5.5CVSS

5.1AI Score

0.0004EPSS

2023-02-12 04:15 AM
16
cve

CVE-2022-44426

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2023-01-04 10:15 AM
31
cve

CVE-2022-42772

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2022-12-06 07:15 AM
57
cve

CVE-2022-42767

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

3.3CVSS

4AI Score

0.0004EPSS

2022-12-06 07:15 AM
28
cve

CVE-2022-42764

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2022-12-06 07:15 AM
22
cve

CVE-2022-42760

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2022-12-06 07:15 AM
23
cve

CVE-2022-42757

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

3.3CVSS

4AI Score

0.0004EPSS

2022-12-06 07:15 AM
29
cve

CVE-2022-39133

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2022-12-06 07:15 AM
30
cve

CVE-2022-42769

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

3.3CVSS

4AI Score

0.0004EPSS

2022-12-06 07:15 AM
29
cve

CVE-2022-42761

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2022-12-06 07:15 AM
24
cve

CVE-2022-42762

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2022-12-06 07:15 AM
19
cve

CVE-2022-42755

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2022-12-06 07:15 AM
28
cve

CVE-2022-44446

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2023-01-04 10:15 AM
25
cve

CVE-2022-44432

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2023-01-04 10:15 AM
38
cve

CVE-2022-42774

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2022-12-06 07:15 AM
25
cve

CVE-2022-42770

In wlan driver, there is a race condition. This could lead to local denial of service in wlan...

4.7CVSS

4.6AI Score

0.0004EPSS

2022-12-06 07:15 AM
31
cve

CVE-2022-42768

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

4.3CVSS

4.5AI Score

0.001EPSS

2022-12-06 07:15 AM
19
cve

CVE-2022-42759

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2022-12-06 07:15 AM
22
cve

CVE-2022-42758

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

3.3CVSS

4AI Score

0.0004EPSS

2022-12-06 07:15 AM
24
cve

CVE-2022-38675

In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in...

5.5CVSS

5.4AI Score

0.0004EPSS

2023-02-12 04:15 AM
15
cve

CVE-2022-44431

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2023-01-04 10:15 AM
32
cve

CVE-2022-44427

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2023-01-04 10:15 AM
31
cve

CVE-2022-42782

In wlan driver, there is a possible missing permission check. This could lead to local information...

5.5CVSS

5.1AI Score

0.0004EPSS

2022-12-06 07:15 AM
25
cve

CVE-2022-42781

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2022-12-06 07:15 AM
20
cve

CVE-2022-42779

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2022-12-06 07:15 AM
29
cve

CVE-2022-42773

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2022-12-06 07:15 AM
21
cve

CVE-2022-42763

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2022-12-06 07:15 AM
27
cve

CVE-2022-42765

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

5.5CVSS

5.3AI Score

0.0004EPSS

2022-12-06 07:15 AM
30
cve

CVE-2021-4120

snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions...

8.2CVSS

8AI Score

0.001EPSS

2022-02-17 11:15 PM
87
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 27, 2023 to December 3, 2023)

Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were.....

9.8CVSS

9.6AI Score

EPSS

2023-12-07 02:11 PM
46
cve

CVE-2021-44730

snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location can cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and...

8.8CVSS

8.6AI Score

0.0004EPSS

2022-02-17 11:15 PM
110
cnvd

Arbitrary File Read Vulnerability in Reporter of Beijing Huaqing Xin'an Technology Co.

Beijing Huaqing Xinan Technology Co., Ltd. is a network security enterprise, a national high-tech enterprise and Zhongguancun high-tech enterprise. Reporter of Beijing Huaqing Xinan Technology Co., Ltd. has an arbitrary file reading vulnerability that can be exploited by attackers to obtain...

7.1AI Score

2023-09-05 12:00 AM
5
cve

CVE-2021-44731

A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute...

7.8CVSS

8.4AI Score

0.0005EPSS

2022-02-17 11:15 PM
179
2
cvelist

CVE-2023-43295

Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted...

5.1AI Score

0.0004EPSS

2023-10-31 12:00 AM
jvn

JVN#29195731: EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution

EC-CUBE 3 series and 4 series provided by EC-CUBE CO.,LTD. contain an arbitrary code execution vulnerability (CWE-94) due to improper settings of the product's template engine "Twig". ## Impact Arbitrary code may be executed on the server where the product is running by a user with an...

7.2CVSS

7.8AI Score

0.001EPSS

2023-11-07 12:00 AM
17
cnvd

Command Execution Vulnerability in Black Shield Network Security Audit System of Fujian Strait Information Technology Co.

Fujian Strait Information Technology Co., Ltd. is one of the earliest companies in China specializing in independent research and development of network security, product sales and security services. A command execution vulnerability exists in the BlackShield Network Security Audit System of...

7.6AI Score

2023-09-18 12:00 AM
3
prion

Cross site scripting

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.785...

6.1CVSS

6AI Score

0.0005EPSS

2023-10-18 02:15 PM
2
jvn

JVN#03447226: "Skylark" App fails to restrict custom URL schemes properly

"Skylark" App provided by SKYLARK HOLDINGS CO., LTD. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly (CWE-939) which may be exploited to direct the App to access any sites. ## Impact An arbitrary site may be...

4.7CVSS

6.6AI Score

0.001EPSS

2023-08-24 12:00 AM
18
malwarebytes

Credit card skimming on the rise for the holiday shopping season

As we head into shopping season, customers aren't the only ones getting excited. More online shopping means more opportunities for cybercriminals to grab their share using scams and data theft. One particular threat we're following closely and expect to increase over the next several weeks is...

7AI Score

2023-11-14 01:55 PM
24
cve

CVE-2018-8786

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code...

9.8CVSS

9.7AI Score

0.037EPSS

2018-11-29 06:29 PM
158
cvelist

CVE-2022-3059 SQL injection in Schoolbox version 21.0.2, by Schoolbox Pty Ltd

The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL...

8.6CVSS

9.2AI Score

0.001EPSS

2022-10-31 08:06 PM
1
cvelist

CVE-2022-39020 Cross-site scripting in Schoolbox version 21.0.2, by Schoolbox Pty Ltd

Multiple instances of XSS (stored and reflected) were found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site...

7.6CVSS

7.4AI Score

0.001EPSS

2022-10-31 08:06 PM
1
github

Administration Console authentication bypass in openfire xmppserver

An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community. Impact Openfire's administrative console (the Admin Console), a web-based application, was found to...

8.6CVSS

7AI Score

0.974EPSS

2023-05-23 07:54 PM
163
krebs

Who’s Behind the SWAT USA Reshipping Service?

Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In today's Part II, we'll examine clues about the real-life identity of "Fearlless,"....

7.3AI Score

2023-11-06 01:51 PM
9
Total number of security vulnerabilities: 15504