Tagged: Cybersecurity Alert

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a command injection vulnerability in the resize command. The bg (background color) parameter is accepted...

OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet...

OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size...

This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the...

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer’s podGCFromPod() function causes a controller-wide panic when...

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi. More information : https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-week-cmd-injection

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi. More information : https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-interval-cmd-injection

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi. More information : https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-ttl-way-cmd-injection

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi. More information : https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-dhcp-mtu-cmd-injection

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi. More information : https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-hour-cmd-injection

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi. More information : https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-mode-cmd-injection

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi. More information : https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-rechour-cmd-injection

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent...

Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security...