2019 – TNT Sécurité

Archives de l'Année

1	2 Articles archivés
2
3
4
5
6
7
8
9
10
11
12

Articles récents
Search for:
Exploit Database
National Vulnerability Database
- CVE-2022-42484 30 janvier 2023
  An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.
- CVE-2022-38451 30 janvier 2023
  A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
- CVE-2022-2988 30 janvier 2023
  A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC(V2.1.0 and prior), EcoStruxure Machine Expert â€“ HVAC(V1.4.0 and prior).
- CVE-2023-0474 30 janvier 2023
  Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium)
- CVE-2023-0472 30 janvier 2023
  Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Bugtraq
- APPLE-SA-2023-01-24-1 tvOS 16.3 27 janvier 2023
  Posted by Apple Product Security via Fulldisclosure on Jan 26APPLE-SA-2023-01-24-1 tvOS 16.3 tvOS 16.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213601. AppleMobileFileIntegrity Available for: Apple TV 4K (all models) and Apple TV HD Impact: An app may be able to access user-sensitive data Description: This issue was addressed […]
- [SYSS-2022-047] Razer Synapse - Local Privilege Escalation 27 janvier 2023
  Posted by Oliver Schwarz via Fulldisclosure on Jan 26Advisory ID: SYSS-2022-047 Product: Razer Synapse Manufacturer: Razer Inc. Affected Version(s): Versions before 3.7.0830.081906 Tested Version(s): 3.7.0731.072516 Vulnerability Type: Improper Certificate Validation (CWE-295) Risk Level: High Solution Status: Open Manufacturer Notification: 2022-08-02 Solution Date: 2022-09-06 Public Disclosure:...
- [RT-SA-2022-002] Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin 26 janvier 2023
  Posted by RedTeam Pentesting GmbH on Jan 26RedTeam Pentesting identified a vulnerability which allows attackers to craft URLs to any third-party website that result in arbitrary content to be injected into the response when accessed through the Secure Web Gateway. While it is possible to inject arbitrary content types, the primary risk arises from JavaScript […]
- t2'23: Call For Papers 2023 (Helsinki, Finland) 24 janvier 2023
  Posted by Tomi Tuominen via Fulldisclosure on Jan 23Call For Papers 2023 Tired of your bosses suspecting conference trips to exotic locations being just a ploy to partake in Security Vacation Club? Prove them wrong by coming to Helsinki, Finland on May 4-5 2023! Guaranteed lack of sunburn, good potential for rain or slush. In […]
- Re: HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm 24 janvier 2023
  Posted by Marco Ivaldi on Jan 23Hello again, Just a quick update. Mitre has assigned the following additional CVE IDs: * CVE-2023-24039 - Stack-based buffer overflow in libXm ParseColors * CVE-2023-24040 - Printer name injection and heap memory disclosure We have updated the advisory accordingly: https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt Regards, Marco