Cve.report April 2024 Coupon Codes

CVE-2023-28081 : A bytecode optimization bug in Hermes prior to commit could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this ...

Posted 11 months ago (18 May 2023)

CVE-2023-26602 : ASUS iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution....

Posted 1 year ago (26 February 2023)

CVE-2022-32470 : An issue was discovered in Insyde with #kernel 5.0 through 5.5. DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corrupt...

Posted 1 year ago (14 February 2023)

CVE-2022-32953 : An issue was discovered in Insyde with #kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM...

Posted 1 year ago (14 February 2023)

CVE-2022-32474 : An issue was discovered in Insyde with #kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to...

Posted 1 year ago (14 February 2023)

CVE-2022-34885 : An improper input sanitization vulnerability in the Motorola router could allow a local user with elevated permissions to execute arbitrary code....

Posted 1 year ago (30 January 2023)

According to the source code, it seems that the i915 TLB flush has not been handled very well for a long time, crashes (very easy), memory leak: easy () with malicious code, privilege scalation (difficult). 1of2

Posted 1 year ago (16 January 2023)

CVE-2022-42276 : NVIDIA DGX contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of servic...

Posted 1 year ago (12 January 2023)

CVE-2022-43971 : An arbitrary code exection vulnerability exists in Linksys Wireless-AC Universal Media Connector with firmware <= 1.0.02 build3 . The do_setNTP function within the httpd binary uses unvalidated user input in the...

Posted 1 year ago (09 January 2023)

CVE-2022-43973 : An arbitrary code execution vulnerability exisits in Linksys Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the constructi...

Posted 1 year ago (09 January 2023)

CVE-2022-24118 : Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, before 2.0....

Posted 1 year ago (26 December 2022)

CVE-2022-35407 : An issue was discovered in Insyde with #kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certa...

Posted 1 year ago (21 November 2022)

CVE-2022-35897 : An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde with #kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overfl...

Posted 1 year ago (21 November 2022)

CVE-2020-21016 : D-Link DIR-846 devices with firmware allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php....

Posted 1 year ago (31 October 2022)

CVE-2022-42719 : A use-after-free in the stack when parsing a multi-BSSID element in the #Linux #kernel 5.2 through 5.19.14 could be used by attackers able to inject WLAN frames to crash the kernel and potentially execute code....

Posted 2 years ago (13 October 2022)

CVE-2022-31029 : AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like `<script>alert "" </script>` in the field marked with "Domain to look for" and hitting <kbd>enter</kbd> or clickin...

Posted 2 years ago (07 July 2022)

CVE-2022-21504 : The code in U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another...

Posted 2 years ago (14 June 2022)

CVE-2022-29506 : Out-of-bounds read vulnerability exist in the simulator module contained in the graphic editor '' v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a use...

Posted 2 years ago (14 June 2022)

CVE-2022-29522 : Use after free vulnerability exists in the simulator module contained in the graphic editor '' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a ...

Posted 2 years ago (14 June 2022)

CVE-2022-1107 : A potential vulnerability due to use of Boot Services in the SMI handler in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code....

Posted 2 years ago (22 April 2022)

CVE-2021-40401 : A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev commit and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execut...

Posted 2 years ago (04 February 2022)

CVE-2022-23603 : iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit user input is not properly sanitized and code injection is possible. Users are advised to upgra...

Posted 2 years ago (01 February 2022)

CVE-2021-43298 : The code that performs password matching when using '' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP b...

Posted 2 years ago (25 January 2022)

CVE-2021-43297 : A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use as the default serialization/deserialization pro...

Posted 2 years ago (10 January 2022)