Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2022-26533: Alist has Cross Site Scripting (XSS) vulnerability · Issue #645 · Xhofe/alist

Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist.

CVE
#xss#vulnerability#apple#git
CVE-2022-23625: fix: remove sensitive info SQCORE-1246 (#241) · wireapp/wire-ios-transport@02e90aa

Wire-ios is a messaging application using the wire protocol on apple's ios platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and sent between Wire users. The root cause lies in [wireapp/wire-ios-transport](https://github.com/wireapp/wire-ios-transport), where code responsible for removing sensible tokens before logging may fail and lead to a crash (Swift exception) of the application. This causes undesirable behavior, however the (greater) Wire system is still functional. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

CVE-2022-25554: IoT-CVE/Tenda/AX1806/10 at main · sec-bin/IoT-CVE

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceId parameter.

CVE-2022-25553: IoT-CVE/Tenda/AX1806/7 at main · sec-bin/IoT-CVE

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsPwd parameter.

CVE-2022-25552: IoT-CVE/Tenda/AX1806/3 at main · sec-bin/IoT-CVE

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter.

CVE-2022-25550: IoT-CVE/Tenda/AX1806/9 at main · sec-bin/IoT-CVE

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceName parameter.

CVE-2022-25551: IoT-CVE/Tenda/AX1806/8 at main · sec-bin/IoT-CVE

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsDomain parameter.

CVE-2022-25546: IoT-CVE/Tenda/AX1806/6 at main · sec-bin/IoT-CVE

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsUser parameter.

CVE-2022-25549: IoT-CVE/Tenda/AX1806/4 at main · sec-bin/IoT-CVE

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsEn parameter.

CVE-2022-25558: IoT-CVE/Tenda/AX1806/13 at main · sec-bin/IoT-CVE

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetProvince. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ProvinceCode parameter.