135 matches found
CVE-2022-48947 Bluetooth: L2CAP: Fix u8 overflow
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow. By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventually it will wrap around the maximum number i.e., 255. This patch prevents this by adding a boundary check...
File upload vulnerability exists in U8+CRM of UFIDA Network Technology Co. (CNVD-2024-39247)
U8+CRM is a management software designed specifically for the agency sales and service industry that integrates CRM, call center, and OA core applications and provides integrated applications for front-end marketing, back-end business processing, and employee management. A file upload vulnerabili...
SQL Injection Vulnerability in UFIDA U8+CRM of UFIDA Network Technology Co. Ltd (CNVD-2024-38489)
UFIDA U8+CRM is a management software designed specifically for the agency sales and service industry that integrates CRM, call center, and OA core applications and provides integrated applications for front-end marketing, back-end business processing, and employee management. A SQL injection...
UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-2024-37307)
U8 Cloud is an enterprise-class ERP used to help companies achieve efficient and digital business collaboration and process management. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploited by remote attackers to submit a special request and obtain sensitive database...
RUSTSEC-2024-0359 The kstring integration in gix-attributes is unsound
gix-attributes in state::ValueRef unsafely creates a `&str` from a `&[u8]` containing non-UTF8 data, with the justification that so long as nothing reads the `&str` and relies on it being UTF-8 in the `&str`, there is no UB: `// SAFETY: our API makes accessing that value as str impossible, so illformed`...
UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-2024-36940)
U8 Cloud is a digital platform for enterprises to go to the cloud, integrating transactions, services and management into a total ERP solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploited by attackers to gain access to sensitive database information...
UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-2024-34008)
U8 cloud is a new-generation cloud ERP launched by UFIDA, focusing on growing and innovative enterprises and providing enterprise-level cloud ERP solutions. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploited by attackers to obtain sensitive information from the databas...
UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-2024-33023)
U8 cloud is a new-generation cloud ERP launched by UFIDA, focusing on growing and innovative enterprises and providing enterprise-level cloud ERP solutions. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploited by attackers to obtain sensitive information from the databas...
File Upload Vulnerability in UFIDA U8+CRM at UFIDA Network Technology Co.
UFIDA U8+CRM is a management software designed specifically for the agency sales and service industry that integrates CRM, call center, and OA core applications and provides integrated applications for front-end marketing, back-end business processing, and employee management. A file upload...
Information leakage vulnerability in UFIDA U8+CRM of UFIDA Network Technology Co.
UFIDA is a leading provider of management software, ERP software, group management software, human resource management software, customer relationship management software, small business management software, financial and administrative institution management software, automotive industry...
UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-2024-22710)
U8 Cloud is a digital platform for enterprises to go to the cloud, integrating transactions, services and management into a total ERP solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploited by attackers to gain access to sensitive database information...
UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-2024-22713)
U8 Cloud is a digital platform for enterprises to go to the cloud, integrating transactions, services and management into a total ERP solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploited by attackers to gain access to sensitive database information...
Command execution vulnerability exists in UFIDA U8 Cloud (CNVD-2023-91638)
UFIDA Network Technology Corporation is an enterprise cloud services and software provider. A command execution vulnerability exists in UFIDA U8 Cloud, which can be exploited by attackers to execute arbitrary commands...
cyfs-base vulnerable to misaligned pointer dereference in `ChunkId::new`
The function ChunkId::new creates a misaligned pointer by casting a mutable pointer to a u8 slice, which has alignment 1, to a mutable pointer to u32, which has alignment 4, and dereferences the misaligned pointer, leading to UB, which should not be allowed in a safe function...
RUSTSEC-2023-0046 Misaligned pointer dereference in `ChunkId::new`
The function ChunkId::new creates a misaligned pointer by casting a mutable pointer to a u8 slice, which has alignment 1, to a mutable pointer to u32, which has alignment 4, and dereferences the misaligned pointer, leading to UB, which should not be allowed in a safe function...
Misaligned pointer dereference in `ChunkId::new`
The function ChunkId::new creates a misaligned pointer by casting a mutable pointer to a u8 slice, which has alignment 1, to a mutable pointer to u32, which has alignment 4, and dereferences the misaligned pointer, leading to UB, which should not be allowed in a safe function...
SQL Injection Vulnerability in UFIDA GRP-U8 (CNVD-2023-58024)
UFIDA GRP-U8 is a government financial management software. A SQL injection vulnerability exists in UFIDA GRP-U8, which can be exploited by attackers to obtain sensitive information from the database...
Deserialization Vulnerability in U8 Cloud of UFIDA Network Technologies Co.
U8 Cloud is a digital platform for enterprises to go to the cloud, integrating transactions, services and management into a total ERP solution. A deserialization vulnerability exists in UFIDA U8 Cloud, which can be exploited by attackers to remotely execute commands...
GSD-2023-1000106 Bluetooth: L2CAP: Fix u8 overflow
Bluetooth: L2CAP: Fix u8 overflow This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.85 by commit 19a78143961a197de8502f4f29c453b913dc3c29. F...
Command Execution Vulnerability in UFIDA GRP-U8 (CNVD-2023-02755)
UFIDA GRP-U8 is a new generation product launched by UFIDA focusing on the national e-government business and based on cloud computing technology, which is the government financial management software in the field of finance for administrative undertakings in China. A command execution...