4 results (0.001 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-41173

https://notcve.org/view.php?id=CVE-2023-41173

AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets. • https://adguard-dns.io/en/versions.html#2.2 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-45770

https://notcve.org/view.php?id=CVE-2022-45770

Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation. • https://github.com/Marsel-marsel/CVE-2022-45770 https://adguard.com/en/versions/windows/release.html#version-71140780 https://hackmag.com/security/aguard-cve https://xakep.ru/2023/01/27/aguard-cve • CWE-20: Improper Input Validation •

CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 2

CVE-2022-32175 – AdGuardHome - CSRF

https://notcve.org/view.php?id=CVE-2022-32175

In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules. En AdGuardHome, versiones v0.95 hasta v0.108.0-b.13, son vulnerables a un ataque de tipo Cross-Site Request Forgery (CSRF), en la funcionalidad custom filtering rules. Un atacante puede persuadir a un usuario autorizado para que siga un enlace malicioso, resultando en una eliminación/modificación de las reglas de filtrado personalizadas • https://github.com/AdguardTeam/AdGuardHome/blob/v0.108.0-b.13/internal/home/controlfiltering.go#L265 https://www.mend.io/vulnerability-database/CVE-2022-32175 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-27935

https://notcve.org/view.php?id=CVE-2021-27935

An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie. Se detectó un problema en AdGuard anterior a la versión 0.105.2. Un atacante capaz de obtener la cookie del usuario puede forzar su contraseña fuera de línea, porque el hash de la contraseña es almacenado en la cookie • https://github.com/AdguardTeam/AdGuardHome/issues/2470 • CWE-522: Insufficiently Protected Credentials •