Cybersecurity Alerts

Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.

Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code.

Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.

QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution.

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.

Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.

Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.

macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.

A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file.

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.

An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure.

Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.