Skip to main content
CVE-2022-27947 HIGH POC This Week

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection R8500 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.8%
CVE-2022-27946 HIGH POC This Week

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection R8500 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2022-27945 HIGH POC This Week

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection R8500 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-1071 HIGH POC PATCH This Week

User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Use After Free Information Disclosure Mruby
NVD GitHub
CVSS 3.1
8.2
EPSS
0.9%
CVE-2022-27942 HIGH POC This Week

tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-27941 HIGH POC This Week

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-27940 HIGH POC This Week

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-27938 MEDIUM POC This Month

stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libsixel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-27943 MEDIUM POC This Month

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gcc Fedora
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-27939 MEDIUM POC This Month

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tcpreplay Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy