TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter. Date published : 2022-03-28 https://github.com/Quadron-Research-Lab/Hardware-IoT/blob/main/tp-link%20tl-wr840n_X_TP_ClonedMACAddress%3D.pdf
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter. Date published : 2022-03-28 https://github.com/Quadron-Research-Lab/Hardware-IoT/blob/main/tp-link%20tl-wr840n_httpRemotePort%3D.pdf
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter. Date published : 2022-03-28 https://github.com/Quadron-Research-Lab/Hardware-IoT/blob/main/tp-link%20tl-wr840n_minAddress%3D.pdf
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter. Date published : 2022-03-28 https://github.com/Quadron-Research-Lab/Hardware-IoT/blob/main/tp-link%20tl-wr840n_DNSServers%3D.pdf
BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Date published : 2022-03-28 https://github.com/riscv-boom/riscv-boom/issues/577
lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file. Date published...
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. Date published : 2022-03-28 https://github.com/libarchive/libarchive/issues/1672
Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. Date published : 2022-03-28 https://github.com/pllrry/Tenda-AC9-V15.03.2.21_cn-Command-Execution-Vulnerability/tree/main/Tenda-AC9
Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages. Date published : 2022-03-28 https://github.com/nsbogam/CVE-2022-26269/blob/main/README.md https://www.marutisuzuki.com/
In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the...
UNNO v03.11.00 was discovered to contain access control issue. Date published : 2022-03-28 http://unno.com https://medium.com/@dnyaneshgawande111/use-of-default-credentials-to-unauthorised-remote-access-of-internal-panel-of-network-video-5490d107fa0
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This vulnerability allows attackers to execute arbitrary code via a crafted HTTP request. Date published : 2022-03-28 https://github.com/abhiunix/goo-blog-App-CVE
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS...
An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries....