Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

CVE-2022-3527

A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function ipneigh_get of the file ip/ipneigh.c of the component iproute2. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211025 was assigned to this vulnerability.

CVE
#vulnerability#linux
CVE-2022-3526

A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulation leads to memory leak. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211024.

MiniDVBLinux 5.4 Arbitrary File Read Vulnerability

The distribution suffers from an arbitrary file disclosure vulnerability. Using the 'file' GET parameter attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.

MiniDVBLinux 5.4 Remote Root Command Execution Vulnerability

The application suffers from an OS command execution vulnerability. This can be exploited to execute arbitrary commands as root, through the 'command' GET parameter in /tpl/commands.sh.

MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability

The application suffers from an OS command injection vulnerability. This can be exploited to execute arbitrary commands with root privileges.

MiniDVBLinux 5.4 Unauthenticated Stream Disclosure Vulnerability

The application suffers from an unauthenticated live stream disclosure when /tpl/tv_action.sh is called and generates a snapshot in /var/www/images/tv.jpg through the Simple VDR Protocol (SVDRP).

MiniDVBLinux 5.4 Change Root Password PoC

The application allows a remote attacker to change the root password of the system without authentication (disabled by default) and verification of previously assigned credential. Command execution also possible using several POST parameters.

MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP (svdrpsend.sh) Exploit

The application allows the usage of the SVDRP protocol/commands to be sent by a remote attacker to manipulate and/or control remotely the TV.

MiniDVBLinux 5.4 Config Download Exploit

The application is vulnerable to unauthenticated configuration download when direct object reference is made to the backup function using an HTTP GET request. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.

CVE-2022-3524

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.