This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability.
Category Archives: Advisories
ZDI-22-415: (Pwn2Own) Cisco RV340 NGINX Improper Authentication Unrestricted File Upload Vulnerability
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-22-414: (Pwn2Own) Cisco RV340 SSLVPN Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability.
ZDI-22-413: (Pwn2Own) Cisco RV340 Firmware Update Improper Certificate Validation Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. User interaction is required to exploit this vulnerability in that an administrator must perform a firmware update on the device.
ZDI-22-412: (Pwn2Own) Cisco RV340 confd_cli Unnecessary Privileges Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Cisco RV340 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-411: (Pwn2Own) Cisco RV340 upload.cgi JSON Command Injection Privilege Escalation Vulnerability
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
DSA-5085 expat – security update
Several vulnerabilities have been discovered in Expat, an XML parsing C
library, which could result in denial of service or potentially the
execution of arbitrary code, if a malformed XML file is processed.
USN-5293-1: c3p0 vulnerability
Aaron Massey discovered that c3p0 could be made to crash when
parsing certain input. An attacker able to modify the application’s
XML configuration file could cause a denial of service.
USN-5288-1: Expat vulnerabilities
It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code.
vim-8.2.4428-1.fc34
FEDORA-2022-7ef65e6444
Packages in this update:
vim-8.2.4428-1.fc34
Update description:
Security fix for CVE-2022-0696
Security fix for CVE-2022-0629
Security fix for CVE-2022-0572
Security fixes for CVE-2022-0408, CVE-2022-0413, CVE-2022-0393, CVE-2022-0417, CVE-2022-0443