π¨ CVE-2023-26322
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.
π@cveNotify
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.
π@cveNotify
Mi
Xiaomi Security Center
Xiaomi Product Security Center provides users and partners of Xiaomi with detailed information on the security status of our smartphones and IoT products, including product security advisories and notices, security updates and support information, and securityβ¦
π¨ CVE-2023-26323
A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.
π@cveNotify
A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.
π@cveNotify
Mi
Xiaomi Security Center
Xiaomi Product Security Center provides users and partners of Xiaomi with detailed information on the security status of our smartphones and IoT products, including product security advisories and notices, security updates and support information, and securityβ¦
π¨ CVE-2023-26324
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.
π@cveNotify
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.
π@cveNotify
π¨ CVE-2023-0213
Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.
π@cveNotify
Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.
π@cveNotify
π¨ CVE-2023-0382
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1
due to uncontrolled memory consumption.
π@cveNotify
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1
due to uncontrolled memory consumption.
π@cveNotify
π¨ CVE-2023-0383
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1
due to uncontrolled memory consumption.
π@cveNotify
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1
due to uncontrolled memory consumption.
π@cveNotify
π¨ CVE-2023-0384
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1
due to uncontrolled memory consumption for a scheduled job.
π@cveNotify
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1
due to uncontrolled memory consumption for a scheduled job.
π@cveNotify
π¨ CVE-2023-2112
Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.
π@cveNotify
Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.
π@cveNotify
π¨ CVE-2023-2480
Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications
π@cveNotify
Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications
π@cveNotify
π¨ CVE-2022-1606
Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects.
π@cveNotify
Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects.
π@cveNotify
π¨ CVE-2022-1911
Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.
π@cveNotify
Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.
π@cveNotify
π¨ CVE-2022-4270
Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.
π@cveNotify
Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.
π@cveNotify
π¨ CVE-2022-4264
Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration.
π@cveNotify
Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration.
π@cveNotify
π¨ CVE-2022-4858
Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set.
π@cveNotify
Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set.
π@cveNotify
π¨ CVE-2022-4861
Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource.
π@cveNotify
Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource.
π@cveNotify
π¨ CVE-2022-3284
Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0.
This issue affects M-Files New Web: before 22.11.12011.0.
π@cveNotify
Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0.
This issue affects M-Files New Web: before 22.11.12011.0.
π@cveNotify
π¨ CVE-2022-4862
Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information.
This issue affects M-Files New Web: before 22.12.12140.3.
π@cveNotify
Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information.
This issue affects M-Files New Web: before 22.12.12140.3.
π@cveNotify
π¨ CVE-2024-7269
Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6.
π@cveNotify
Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6.
π@cveNotify
cert.pl
Vulnerability in ConnX ESP HR Management software
Stored XSS vulnerability (CVE-2024-7269) has been found in ConnX ESP HR Management software.
π¨ CVE-2024-7608
An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal.
π@cveNotify
An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal.
π@cveNotify
π¨ CVE-2024-45346
The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.
π@cveNotify
The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.
π@cveNotify
Mi
Xiaomi Security Center
Xiaomi Product Security Center provides users and partners of Xiaomi with detailed information on the security status of our smartphones and IoT products, including product security advisories and notices, security updates and support information, and securityβ¦
π¨ CVE-2024-6449
HyperView Geoportal Toolkit in versions though 8.2.4 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters.
An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by the attacker and execute them in the user space.
By manipulating this parameter it is also possible to enumerate some of the devices in Local Area Network in which the server resides.
π@cveNotify
HyperView Geoportal Toolkit in versions though 8.2.4 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters.
An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by the attacker and execute them in the user space.
By manipulating this parameter it is also possible to enumerate some of the devices in Local Area Network in which the server resides.
π@cveNotify
cert.pl
Vulnerabilities in HyperView Geoportal Toolkit software
CERT Polska has received a report about 2 vulnerabilities (CVE-2024-6449 and CVE-2024-6450) found in HyperView Geoportal Toolkit software.