ZDI-22-413: (Pwn2Own) Cisco RV340 Firmware Update Improper Certificate Validation Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. User interaction is required to exploit this vulnerability in...
ZDI-22-412: (Pwn2Own) Cisco RV340 confd_cli Unnecessary Privileges Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Cisco RV340 routers. An attacker must first obtain the ability to execute low-privileged...
ZDI-22-411: (Pwn2Own) Cisco RV340 upload.cgi JSON Command Injection Privilege Escalation Vulnerability
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing...
DSA-5085 expat – security update
Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary...
USN-5293-1: c3p0 vulnerability
Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the application's XML configuration file could...
USN-5288-1: Expat vulnerabilities
It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Read...
vim-8.2.4428-1.fc34
FEDORA-2022-7ef65e6444 Packages in this update: vim-8.2.4428-1.fc34 Update description: Security fix for CVE-2022-0696 Security fix for CVE-2022-0629 Security fix for CVE-2022-0572 Security fixes for CVE-2022-0408, CVE-2022-0413,...
vim-8.2.4428-1.fc35
FEDORA-2022-8622ebdebb Packages in this update: vim-8.2.4428-1.fc35 Update description: The newest upstream commit Security fix for CVE-2022-0629 Read More
CVE-2021-24867
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded...
CVE-2021-24921
The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to...