A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to cause a Denial of Service by Rebooting the router through ” /mgm_dev_reboot.asp.”
A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the Password for “WLAN SSID” through “wlwpa.asp”.
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through ” /mgm_dev_upgrade.asp ” which can “delete every file for Denial of Service (using ‘rm -rf *.*’ in the code), reverse connection (using ‘.asp’ webshell), backdoor.
OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on “/diag_ping_admin.asp” to “PingTest” interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAND and can compromise full system.
A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the “mgm_config_file.asp” because of which attacker can create a crafted “csrf form” which sends ” malicious xml data” to “/boaform/admin/formMgmConfigUpload”. the exploit allows attacker to “gain full privileges” and to “fully compromise of router & network”.
grub2-2.06-13.fc35
Adjust the way we provide unicode.pf2 for post-CVE lockdown policy
Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see upstream’s disclosure or the patches themselves.
grub2-2.06-56.fc36
Adjust the way we provide unicode.pf2 for post-CVE lockdown policy
Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see upstream’s disclosure or the patches themselves.
It was discovered that Sysstat did not properly check bounds
when perfoming certain arithmetic operations on 32 bit systems.
An attacker could possibly use this issue to cause a crash or
arbitrary code execution.
It was discovered that FreeRDP incorrectly handled certain data lenghts. A
malicious server could use this issue to cause FreeRDP clients to crash,
resulting in a denial of service, or possibly obtain sensitive information.
This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu
22.04 LTS. (CVE-2022-39282, CVE-2022-39283)
It was discovered that FreeRDP incorrectly handled certain data lenghts. A
malicious server could use this issue to cause FreeRDP clients to crash,
resulting in a denial of service, or possibly obtain sensitive information.
(CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319,
CVE-2022-39320)
It was discovered that FreeRDP incorrectly handled certain path checks. A
malicious server could use this issue to cause FreeRDP clients to read
files outside of the shared directory. (CVE-2022-39347)
A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24)
