Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2022-1176: Loose comparison causes IDOR on multiple endpoints in livehelperchat

Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.

CVE
#vulnerability#web#mac#windows#apple#js#git
CVE-2022-28128: File encryption software for both Windows and macOS

Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.

CVE-2022-0998: [PATCH AUTOSEL 5.15 13/16] vdpa: clean up get_config_size ret value handling

An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CVE-2022-0998: [PATCH AUTOSEL 5.15 13/16] vdpa: clean up get_config_size ret value handling

An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CVE-2015-3298: SecurityAdvisory 2015-04-14

Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated.

CVE-2021-43721: Markdown type note XSS issue · Issue #364 · leanote/desktop-app

Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : <video src=x onerror=(function(){require('child_process').exec('calc');})();>

CVE-2022-26252: Offensive Security’s Exploit Database Archive

aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key(id_rsa).

CVE-2022-27946: VUL/3.md at main · donothingme/VUL

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi.

CVE-2022-27945: VUL/2.md at main · donothingme/VUL

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi.

CVE-2022-27947: VUL/1.md at main · donothingme/VUL

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter.