Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-32292: Invalid Bug ID

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

CVE
#web#buffer_overflow

‘1200189?cve=title’ is not a valid bug number nor an alias to a bug.

Please press Back and try again.

Related news

Gentoo Linux Security Advisory 202310-21

Gentoo Linux Security Advisory 202310-21 - Multiple vulnerabilities have been discovered in ConnMan, the worst of which can lead to remote code execution. Versions greater than or equal to 1.42_pre20220801 are affected.

Ubuntu Security Notice USN-6236-1

Ubuntu Security Notice 6236-1 - It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that ConnMan could be made to leak sensitive information via the gdhcp component. A remote attacker could possibly use this issue to obtain information for further exploitation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907