Skip to content

Instantly share code, notes, and snippets.

View khronokernel's full-sized avatar

Mykola Grymalyuk khronokernel

1.3k followers · 0 following
View GitHub Profile
@khronokernel
khronokernel / CVE-2024-25545.md
Last active April 15, 2024 02:27
Arbitrary Code Execution in Weave Desktop

CVE-2024-25545 - Arbitrary Code Execution in Weave Desktop

On January 9th, 2024, Weave was notified through their responsible disclosure system that Weave version 7.78.10 is vulnerable to arbitrary code execution and as of April 9th, 2024, is still vulnerable.

Note while Weave does list a paid bug bounty on their site, no compensation was given.

Affected Products

  • Weave Desktop
  • Affected: All current versions (7.78.10 through 7.84.1 confirmed)
@khronokernel
khronokernel / CVE-2023-50975.md
Last active February 21, 2024 21:03
Arbitrary Code Execution in TD Advanced Dashboard

CVE-2023-50975 - Arbitrary Code Execution in TD Advanced Dashboard

On December 12th, 2023, TD Bank was notified through their responsible disclosure system that TD Advanced Dashboard version 3.0.3 was vulnerable to arbitrary code execution.

Affected Products

  • TD Advanced Dashboard
    • Affected: 3.0.3 and older
  • Fixed: 3.0.4
@khronokernel
khronokernel / PCIe-TB3-NIC.md
Last active November 22, 2021 19:14
Thunderbolt Docks and associated Ethernet Controller