135 matches found
CVE-2025-12344 Yonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted upload
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...
CVE-2025-12344
Summary: CVE-2025-12344 affects Yonyou U8 Cloud up to 5.1sp. The vulnerability lies in an unknown function within /service/NCloudGatewayServlet (Request Header Handler) where manipulation of the ts/sign argument enables an unrestricted file upload. Exploitation can be performed remotely, and pub...
PT-2025-44082
Name of the Vulnerable Software and Affected Versions: Yonyou U8 Cloud versions prior to 5.1sp. Description: A flaw exists in Yonyou U8 Cloud that allows for unrestricted file upload. This issue stems from manipulation of the ts/sign argument within a request header handled by an unknown function in...
Yonyou U8 Cloud Code Issue Vulnerability
Yonyou U8 Cloud is a cloud-based enterprise management system from China's UFIDA Yonyou Corporation. A code issue vulnerability exists in Yonyou U8 Cloud 5.1sp and earlier versions, which stems from incorrect manipulation of the parameter ts/sign in the file /service/NCloudGatewayServlet, which...
SUSE CVE-2025-38651
In the Linux kernel, the following vulnerability has been resolved: landlock: Fix warning from KUnit tests get_id_range expects a positive value as first argument but get_random_u8 can return 0. Fix this by clamping it. Validated by running the test in a for loop for 1000 times. Note that MAX is wron...
File Upload Vulnerability in UFIDA U8+ at UFIDA Network Technology Co.
UFIDA U8+ is a complete enterprise-level ERP software. A file upload vulnerability exists in UFIDA U8+, which can be exploited by attackers to upload malicious files and gain server privileges...
SQL Injection Vulnerability in UFIDA U8+CRM at UFIDA Network Technology Co.
UFIDA U8+CRM is a management software designed specifically for the agency sales and service industry that integrates CRM, call center, and OA core applications and provides integrated applications for front-end marketing, back-end business processing, and employee management. A SQL injection...
SQL Injection Vulnerability in U8 Cloud of UFIDA Network Technology Co.
U8 Cloud is a digital platform for enterprises to go to the cloud, integrating transactions, services and management into a total ERP solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploited by attackers to gain access to sensitive database information...
SQL Injection Vulnerability in UFIDA U8 CRM at UFIDA Network Technology Co.
UFIDA U8 CRM is a customer relationship management solution from UFIDA. A SQL injection vulnerability exists in UFIDA U8 CRM, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in U8 Cloud of UFIDA Network Technology Co.
U8 Cloud is a digital platform for enterprises to go to the cloud, integrating transactions, services and management into a total ERP solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploited by attackers to gain access to sensitive database information...
SQL Injection Vulnerability in U8 Cloud of UFIDA Network Technology Co.
U8 Cloud is a new-generation cloud ERP (Enterprise Resource Planning) solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...
RUSTSEC-2024-0426 Unsound usages of `u8` type casting
The library provides a safe public API `unpack` to cast a `u8` array to arbitrary types, which can lead to undefined behavior. The length check of the array can only prevent out-of-bounds access on the return type. However, it can't prevent a misaligned pointer when casting a `u8` pointer to a type aligned to...
SQL Injection Vulnerability in U8 Cloud of UFIDA Network Technology Co.
U8 Cloud is a set of enterprise Internet application design concepts based on Internet application, business collaboration, and network transactions, providing growing enterprises with a cloud ERP total solution integrating people, property and customers, production, supply and marketing. A SQL...
UFIDA Network Technology Corporation U8+ CRM has a logic flaw vulnerability
UFIDA U8+CRM is a management software designed specifically for the agency sales and service industry that integrates CRM, call center, and OA core applications and provides integrated applications for front-end marketing, back-end business processing, and employee management. A logic flaw...
CVE-2024-53055 wifi: iwlwifi: mvm: fix 6 GHz scan construction
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix 6 GHz scan construction If more than 255 colocated APs exist for the set of all APs found during 2.4/5 GHz scanning, then the 6 GHz scan construction will loop forever since the loop variable has type u8,...
CVE-2022-48947
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventually it will wrap around the maximum number i.e., 255. This patch prevents this by adding a boundary check...
CVE-2022-48947
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventually it will wrap around the maximum number i.e., 255. This patch prevents this by adding a boundary check...
CVE-2022-48947 Bluetooth: L2CAP: Fix u8 overflow
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventually it will wrap around the maximum number i.e., 255. This patch prevents this by adding a boundary check...
CVE-2022-48947
CVE-2022-48947 is a Linux kernel vulnerability related to Bluetooth L2CAP u8 overflow. By repeatedly sending L2CAP_CONF_REQ, chan->num_conf_rsp could wrap at 255. The fix adds a boundary check using L2CAP_MAX_CONF_RSP to prevent overflow. Connected advisories (e.g., Unity Linux/Astra Linux ent...
CVE-2022-48947 Bluetooth: L2CAP: Fix u8 overflow
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventually it will wrap around the maximum number i.e., 255. This patch prevents this by adding a boundary check...