Monthly Archive: March 2022

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may...

The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626. Date published : 2022-03-23 https://drive.google.com/file/d/1MtmWfBs1r6Y3JN1HpbNsZqO1GcsdgPdc/view?usp=sharing...

The Reporting module in Aseco Lietuva document management system DVS Avilys before 2022-03-10 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files. Date published : 2022-03-23 https://github.com/transcendent-group/advisories/blob/main/CVE-2022-27192.md https://lt.asseco.com/sprendimai/dokumentu-valdymas/dvs-avilys/

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic. Date published : 2022-03-23 https://github.com/GD008/vuln/blob/main/tenda_M3_uploadAccessCodePic/M3_uploadAccessCodePic.md

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo. Date published : 2022-03-23 https://github.com/GD008/vuln/blob/main/tenda_M3_SetInternetLanInfo/M3_SetInternetLanInfo.md

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo. Date published : 2022-03-23 https://github.com/GD008/vuln/blob/main/tenda_M3_SetLanInfo/M3_SetLanInfo.md

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode. Date published : 2022-03-23 https://github.com/GD008/vuln/blob/main/tenda_M3_setWorkmode/M3_setWorkmode.md

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem. Date published : 2022-03-23 https://github.com/GD008/vuln/blob/main/tenda_M3_setPicListItem/M3_setPicListItem.md

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail. Date published : 2022-03-23 https://github.com/GD008/vuln/blob/main/tenda_M3_setAdInfoDetail/M3_setAdInfoDetail.md

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic. Date published : 2022-03-23 https://github.com/GD008/vuln/blob/main/tenda_M3_uploadWeiXinPic/M3_uploadWeiXinPic.md

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd. Date published : 2022-03-23 https://github.com/GD008/vuln/blob/main/tenda_M3_delAd/M3_delAd.md

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools. Date published : 2022-03-23 https://github.com/GD008/vuln/blob/main/tenda_M3_setFixTools/M3_setFixTools.md

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac. Date published : 2022-03-23 https://github.com/GD008/vuln/blob/main/tenda_M3_WriteFacMac/M3_WriteFacMac.md

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand. Date published : 2022-03-23 https://github.com/GD008/vuln/blob/main/tenda_M3_exeCommand/M3_exeCommand.md