CVE-2022-39264 nheko is a desktop client for the Matrix application. Versions below 0.10.2 are vulnerable to secrets being inserted that could lead to man-in-the-middle attacks.
The Matrix team published a patch, which should be applied as soon as possible. The main reason why this discovery is so important is that
CVE-2022-40630 The Tacitine Firewall web-based management interface has a session management vulnerability that can be exploited.
Additionally, an attacker could send a specially crafted HTTP request to the targeted device on a specific port and perform a Denial of Service attack
CVE-2022-37234 The Netgear Nighthawk R7000-V1.0.11.134_10.2.119 is vulnerable to a buffer overflow via the wl binary.
A remote user or attacker can send a specially crafted HTTP request to the wl binary, causing the wl binary to crash and resulting in
CVE-2022-26696 An issue was fixed in macOS Monterey 12.4 that improved environment sanitization.
A sandbox restricts the process’s access to the system, including access to files. Sandboxing can be circumvented by a process.
This issue was addressed
CVE-2022-3218 The WiFi Mouse authentication mechanism is trivially bypassed, which can result in remote code execution.
This is made possible by the fact that the WiFi Mouse (Mouse Server) provides no authentication mechanism to prevent attackers from simply modifying the HTTP