CVE-2022-37081 TOTOLINK A7000R V9.1.0u.6115 contains a command injection vulnerability via the command parameter at setting/setTracerouteCfg.
This issue can be exploited by an attacker by passing the following request to the targeted Apache server:
POST /cgi-bin/setTracerouteCfg HTTP/1.0 Host:
CVE-2022-2603 An attacker could exploit heap corruption in Google Chrome after 104.0.5112.79 to gain remote access.
CVE-2018-6074 An issue was discovered with Page Actions in Google Chrome prior to version 104.0.5114.17. If a user had previously clicked on
CVE-2022-2163 An attacker who convinced a user to install a malicious extension could exploit heap corruption after an attack.
An attacker could also convince a user to install a malicious extension, thus potentially compromising the user's system. After the user interacted with
CVE-2022-2481 After free attack in Views in 103.0.5060.134 allowed a remote attacker to exploit heap corruption.
CVE-2016-5124 When WebExtensions are installed on Google Chrome prior to 103.0.5060.135, they can overwrite the extension's search path value, allowing
CVE-2022-2296 After free in Chrome OS Shell prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption.
This issue was addressed by disabling after_free in the UI. For users who are interacting with sites that are explicitly vulnerable to this issue,
Episode
00:00:00
00:00:00