Category Archives: Advisories

Read Time:8 Second

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-22-415: (Pwn2Own) Cisco RV340 NGINX Improper Authentication Unrestricted File Upload Vulnerability

February 22, 2022

Read Time:10 Second

This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

Advisories

ZDI-22-414: (Pwn2Own) Cisco RV340 SSLVPN Stack-based Buffer Overflow Remote Code Execution Vulnerability

February 22, 2022

Read Time:7 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-22-413: (Pwn2Own) Cisco RV340 Firmware Update Improper Certificate Validation Remote Code Execution Vulnerability

February 22, 2022

Read Time:11 Second

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. User interaction is required to exploit this vulnerability in that an administrator must perform a firmware update on the device.

Advisories

ZDI-22-412: (Pwn2Own) Cisco RV340 confd_cli Unnecessary Privileges Local Privilege Escalation Vulnerability

February 22, 2022

Read Time:11 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Cisco RV340 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Advisories

ZDI-22-411: (Pwn2Own) Cisco RV340 upload.cgi JSON Command Injection Privilege Escalation Vulnerability

February 22, 2022

Read Time:9 Second

This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

Advisories

DSA-5085 expat – security update

February 22, 2022

Read Time:10 Second

Several vulnerabilities have been discovered in Expat, an XML parsing C
library, which could result in denial of service or potentially the
execution of arbitrary code, if a malformed XML file is processed.

Advisories

USN-5293-1: c3p0 vulnerability

February 21, 2022

Read Time:9 Second

Aaron Massey discovered that c3p0 could be made to crash when
parsing certain input. An attacker able to modify the application’s
XML configuration file could cause a denial of service.

Advisories

USN-5288-1: Expat vulnerabilities

February 21, 2022

Read Time:7 Second

It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code.

Advisories

vim-8.2.4428-1.fc34

February 21, 2022

Read Time:15 Second

FEDORA-2022-7ef65e6444

Packages in this update:

vim-8.2.4428-1.fc34

Update description:

Security fix for CVE-2022-0696

Security fix for CVE-2022-0629

Security fix for CVE-2022-0572

Security fixes for CVE-2022-0408, CVE-2022-0413, CVE-2022-0393, CVE-2022-0417, CVE-2022-0443

News, Advisories and much more

Exit mobile version

Cyber Security News

Category Archives: Advisories

ZDI-22-416: (Pwn2Own) Cisco RV340 NGINX Missing Authentication Information Disclosure Vulnerability

ZDI-22-415: (Pwn2Own) Cisco RV340 NGINX Improper Authentication Unrestricted File Upload Vulnerability

ZDI-22-414: (Pwn2Own) Cisco RV340 SSLVPN Stack-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-22-413: (Pwn2Own) Cisco RV340 Firmware Update Improper Certificate Validation Remote Code Execution Vulnerability

ZDI-22-412: (Pwn2Own) Cisco RV340 confd_cli Unnecessary Privileges Local Privilege Escalation Vulnerability

ZDI-22-411: (Pwn2Own) Cisco RV340 upload.cgi JSON Command Injection Privilege Escalation Vulnerability

DSA-5085 expat – security update

USN-5293-1: c3p0 vulnerability

USN-5288-1: Expat vulnerabilities

vim-8.2.4428-1.fc34

FEDORA-2022-7ef65e6444

Packages in this update:

Update description:

News, Advisories and much more