Nguyen Hoang Thach

Pesquisador destarlabs
#10702de 53,638
25.8CVSS total
Vulnerabilidades · 3
Média
1
Alta
2
PT-2024-7216
10
2024-10-08
Google · Google Chrome · CVE-2024-9603
**Nome do software vulnerável e versões afetadas** Versões do Google Chrome anteriores à 129.0.6668.100 **Descrição** O problema está relacionado a uma confusão de tipos no componente V8 do Google Chrome, o que poderia permitir que um invasor remoto explorasse potencialmente uma corrupção de heap por meio de uma página HTML maliciosa. A gravidade desse problema é considerada alta. **Recomendações** Para versões do Google Chrome anteriores à 129.0.6668.100, atualize para uma versão corrigida para resolver o problema. Como solução temporária, considere evitar o uso de páginas HTML potencialmente vulneráveis até que a atualização seja aplicada.
PT-2023-21075
6.5
2023-04-14
Sonos · Sonos One Speaker · CVE-2023-27353
**Name of the Vulnerable Software and Affected Versions** Sonos One Speaker version 70.3-35220 **Description** This issue allows network-adjacent attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the "msprox" endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other issues to execute arbitrary code in the context of root. **Recommendations** For Sonos One Speaker version 70.3-35220, as a temporary workaround, consider restricting access to the "msprox" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2019-14977
9.3
2019-11-26
Tp Link · Tp-Link Tl-Wr841N · CVE-2019-17147
**Name of the Vulnerable Software and Affected Versions** TP-LINK TL-WR841N (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the web service, which listens on TCP port 80 by default. When parsing the `Host` request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this issue to execute code in the context of the admin user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.