Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2022-22995: WDC-22005 Netatalk Security Vulnerabilities | Western Digital

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

CVE
#vulnerability#mac#apple#git#rce#perl#samba#buffer_overflow#auth#zero_day
CVE-2022-22995: WDC-22005 Netatalk Security Vulnerabilities | Western Digital

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

CVE-2021-44683: Multiple Address Bar Spoofing Flaws in Mobile Browsers - Cyber Citadel

The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker's web site.

CVE-2021-45757: GitHub - IBUILI/Asus

ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS).

CVE-2021-40662: Security issues - Chamilo LMS

A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL.

CVE-2021-38745: Security issues - Chamilo LMS

Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.

CVE-2022-25766: Fix potential remote code exec by jung-kim · Pull Request #1510 · FredrikNoren/ungit

The package ungit before 1.5.20 are vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are passed to the git fetch command. By injecting some git options it was possible to get arbitrary command execution.

CVE-2022-26555: There is a stored xss vulnerability exists in eova · Issue #I4VRE9 · EOVA/eova - Gitee.com

A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text box.

CVE-2022-26247: There is a Insecure Permissions vulnerability exists in tms · Issue #16 · xiweicheng/tms

TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password.

CVE-2022-26246: There is a cross site scripting vulnerability exists in tms · Issue #15 · xiweicheng/tms

TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate.