CVE-2022-0485 A bug in the libnbd copy tool nbdcopy could cause it to copy files using asynchronous calls even if an error occurred. This could lead to data loss.
The first known instance of this issue was reported on June 1st, 2017, and patches were published on June 10th, 2017. libnbd was updated on
CVE-2022-25644 Package @pendo324/get-process-by-name is vulnerable to Arbitrary Code Execution due to improper sanitization.
To exploit this issue, an attacker needs to construct a malicious .js file and feed it to a user. This can be done by uploading
CVE-2022-36614 Totolink A860R v4.1.2cu.5182_B20201027 had a hardcoded password for root at /etc/shadow.sample.
A hardcoded password, such as this one, is a very bad sign. It means that the device was probably developed by a third party. The
CVE-2022-31499 An attacker can inject OS commands into E3-Series devices before 0.32-08f.
This issue has been assigned the CVE identifier CVE-2019-7256. In the above-mentioned devices, there is a race condition in the handling of the PRN bit
CVE-2022-37333 An injection vulnerability in Exment (PHP8, 7, and 2.5) allows remote attackers to inject arbitrary web
users.
The SQL injection flaw was discovered by Tavis Ormandy of Google. The problem resides in Exment's integration with the Laravel ecosystem. This