MD-404AA, MD-808AA Security Vulnerabilities

CVE-2024-4588 DedeCMS mytag_add.php cross-site request forgery

A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/mytag_add.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and....

CVE-2024-4587 DedeCMS tpl.php cross-site request forgery

A vulnerability was found in DedeCMS 5.7 and classified as problematic. This issue affects some unknown processing of the file /src/dede/tpl.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...

CVE-2024-4586 DedeCMS shops_delivery.php cross-site request forgery

A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/shops_delivery.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public...

CVE-2024-4585

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/member_type.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and....

CVE-2024-4585

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/member_type.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and....

CVE-2024-4585 DedeCMS member_type.php cross-site request forgery

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/member_type.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and....

CVE-2024-4585 DedeCMS member_type.php cross-site request forgery

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/member_type.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and....

CVE-2024-3759

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after...

CVE-2024-3759

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after...

CVE-2024-3758

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer...

CVE-2024-3757

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer...

CVE-2024-3757

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer...

CVE-2024-3758

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer...

CVE-2024-27217

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after...

CVE-2024-27217

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after...

CVE-2024-23808

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer...

CVE-2024-31078

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer...

CVE-2024-31078

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer...

CVE-2024-23808

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer...

CVE-2024-3759 Hmdfs has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after...

CVE-2024-3759 Hmdfs has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after...

CVE-2024-3758 Hmdfs has a heap buffer overflow vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer...

CVE-2024-3757 Arkcompiler runtime has an integer overflow vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer...

CVE-2024-3757 Arkcompiler runtime has an integer overflow vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer...

CVE-2024-31078 Bluetooth Service has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer...

CVE-2024-31078 Bluetooth Service has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer...

CVE-2024-23808 Arkcompiler ets frontend has an out-of-bounds read vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer...

CVE-2024-27217 MSDP has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after...

CVE-2024-34315

CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary...

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1490-1)

The remote host is missing an update for...

Debian: Security Advisory (DSA-5681-1)

The remote host is missing an update for the...

CVE-2024-34315

CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary...

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed...

Debian: Security Advisory (DSA-5680-1)

The remote host is missing an update for the...

SUSE: Security Advisory (SUSE-SU-2024:1450-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1451-1)

The remote host is missing an update for...

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1466-1)

The remote host is missing an update for...

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1480-1)

The remote host is missing an update for...

CVE-2024-34523

AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the...

[SECURITY] [DSA 5681-1] linux security update

Debian Security Advisory DSA-5681-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2024 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2023-6270 CVE-2023-7042...

[SECURITY] [DSA 5680-1] linux security update

Debian Security Advisory DSA-5680-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2024 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2024-26605 CVE-2024-26817...

CVE-2024-33830

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component...

CVE-2024-33830

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component...

CVE-2024-33829

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component...

CVE-2024-33829

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component...

CVE-2024-4528

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/user-record.php. The manipulation of the argument txtfullname leads to cross site scripting. The attack can...

CVE-2024-4528

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/user-record.php. The manipulation of the argument txtfullname leads to cross site scripting. The attack can...

CVE-2024-4528 SourceCodester Prison Management System user-record.php cross site scripting

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/user-record.php. The manipulation of the argument txtfullname leads to cross site scripting. The attack can...

Debian dsa-5680 : affs-modules-6.1.0-21-4kc-malta-di - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5680 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a...