Security
Headlines
HeadlinesLatestCVEs

Tag

#wifi

CVE-2022-27152: GitHub - llamasoft/RootMyRoku: A persistent root jailbreak for most Roku devices.

Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification.

CVE
Open in Source
#vulnerability#mac#linux#git#perl#telnet#wifi
CVE-2022-28796

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

CVE-2022-22665: About the security content of macOS Monterey 12.3

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

CVE-2021-40052: March

There is an incorrect buffer size calculation vulnerability in the video framework.Successful exploitation of this vulnerability may affect availability.

CVE-2021-3752: [PATCH 5.15 187/917] Bluetooth: fix use-after-free error in lock_sock_nested()

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVE-2021-21966: TALOS-2021-1393 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2021-21966: TALOS-2021-1393 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2021-39658: Android Security Bulletin—February 2022  |  Android Open Source Project

ismsEx service is a vendor service in unisoc equipment?ismsEx service is an extension of sms system service?but it does not check the permissions of the caller?resulting in permission leaks?Third-party apps can use this service to arbitrarily modify and set system properties?Product: AndroidVersions: Android SoCAndroid ID: A-207479207

CVE-2021-21968: TALOS-2021-1395 || Cisco Talos Intelligence Group

A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

CVE-2021-21964: TALOS-2021-1392 || Cisco Talos Intelligence Group

A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.