‼️CVE-2023-48360‼️
📖 Read more
Via "National Vulnerability Database"
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-49135‼️
📖 Read more
Via "National Vulnerability Database"
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-49142‼️
📖 Read more
Via "National Vulnerability Database"
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-47858‼️
📖 Read more
Via "National Vulnerability Database"
Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET apiv4teamschannelsdeleted endpoint. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-48732‼️
📖 Read more
Via "National Vulnerability Database"
Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-50333‼️
📖 Read more
Via "National Vulnerability Database"
Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-6693‼️
📖 Read more
Via "National Vulnerability Database"
A stack based buffer overflow was found in the virtionet device of QEMU. This issue occurs when flushing TX in the virtionetflushtx function if guest features VIRTIONETFHASHREPORT, VIRTIOFVERSION1 and VIRTIONETFMRGRXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the outsg variable could be used to read a part of process memory and send it to the wire, causing an information leak.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-6436‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ekol Informatics Website Template allows SQL Injection.This issue affects Website Template through 20231215. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2015-10128‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in rtprettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function royalprettyphotopluginlinks of the file rtprettyphoto.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3 is able to address this issue. The patch is identified as 0d3d38cfa487481b66869e4212df1cefc281ecb7. It is recommended to upgrade the affected component. VDB249422 is the identifier assigned to this vulnerability.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2017-20188‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability has been found in Zimbra zmajax up to 8.8.1 and classified as problematic. Affected by this vulnerability is the function XFormItem.prototype.setError of the file WebRootjsajaxdwtxformsXFormItem.js. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 8.8.2 is able to address this issue. The identifier of the patch is 8d039d6efe80780adc40c6f670c06d21de272105. It is recommended to upgrade the affected component. The identifier VDB249421 was assigned to this vulnerability.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0188‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file changepasswordteacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB249501 was assigned to this vulnerability.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2018-25097‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 0df8a5e8722188744973168648e4c74c69ce67fd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB249420.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-4280‼️
📖 Read more
Via "National Vulnerability Database"
An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0189‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teachermessage.php of the component Create Message Handler. The manipulation of the argument Content with the input alertx leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB249502 is the identifier assigned to this vulnerability.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0193‼️
📖 Read more
Via "National Vulnerability Database"
A useafterfree flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbagecollected when the pipapo set is removed, the element can be deactivated twice. This can cause a useafterfree issue on an NFTCHAIN object or NFTOBJECT object, allowing a local unprivileged user to escalate their privileges on the system.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2022-3010‼️
📖 Read more
Via "National Vulnerability Database"
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-48419‼️
📖 Read more
Via "National Vulnerability Database"
An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-7192‼️
📖 Read more
Via "National Vulnerability Database"
A memory leak problem was found in ctnetlinkcreateconntrack in netnetfilternfconntracknetlink.c in the Linux Kernel. This issue may allow a local attacker with CAPNETADMIN privileges to cause a denial of service DoS attack due to a refcount overflow.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0190‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file addquiz.php of the component Quiz Handler. The manipulation of the argument Quiz TitleQuiz Description with the input alertx leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB249503.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-49794‼️
📖 Read more
Via "National Vulnerability Database"
KernelSU is a Kernelbased root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in KernelSU kernel module can be bypassed, which causes any malicious apk named me.weishu.kernelsu get root permission. If a KernelSU module installed device try to install any not checked apk which package name equal to the official KernelSU Manager, it can take over root privileges on the device. As of time of publication, a patched version is not available.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-50711‼️
📖 Read more
Via "National Vulnerability Database"
vmmsysutil is a collection of modules that provides helpers and utilities used by multiple rustvmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapperdeserialize implementation provided by the crate for vmmsysutilfamFamStructWrapper can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array length. Mismatch in the lengths might allow out of bounds memory access through Rustsafe methods. The issue was corrected in version 0.12.0 by inserting a check that verifies the lengths of compared flexible arrays are equal for any deserialized header and aborting deserialization otherwise. Moreover, the API was changed so that header length can only be modified through Rustunsafe code. This ensures that users cannot trigger outofbounds memory access from Rustsafe code.📖 Read more
Via "National Vulnerability Database"