A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information.
Yearly Archives: 2023
CVE-2022-38452
A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.
CVE-2022-37337
A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2022-36429
A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.
CVE-2018-25082
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name of the patch is e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403.
xen-4.17.0-8.fc38
FEDORA-2023-703f133eb3
Packages in this update:
xen-4.17.0-8.fc38
Update description:
3 security issues (#2180425)
x86 shadow plus log-dirty mode use-after-free [XSA-427, CVE-2022-42332]
x86/HVM pinned cache attributes mis-handling [XSA-428, CVE-2022-42333,
CVE-2022-42334]
x86: speculative vulnerability in 32bit SYSCALL path [XSA-429,
CVE-2022-42331]
moodle-3.11.13-1.fc36
FEDORA-2023-d9c13996b2
Packages in this update:
moodle-3.11.13-1.fc36
Update description:
Fixes for multiple CVEs.
Over 2400 Fake Pages Found Targeting Job Seekers in Middle East, Africa
The scam targeted more than 40 well-known brands from 13 countries in the MEA region
CommonMagic Targets Entities in Russo-Ukrainian Conflict Zone
Administrative, agriculture and transportation firms targeted in Donetsk, Luhansk and Crimea
Hackers Use NuGet Packages to Target .NET Developers
JFrog said this is the first instance of packages with malicious code in NuGet