433 matches found
Huawei EMUI/Magic UI business logic error vulnerability
Huawei Emui is an Android-based mobile operating system. Huawei Magic UI is the operating system for Honor phones. Huawei EMUI/Magic UI is vulnerable to business logic errors, which can be exploited by attackers to cause personal information leakage...
CVE-2021-22308
There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system errors, but may cause personal information leakage...
CVE-2021-22308
There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system errors, but may cause personal information leakage...
Design/Logic Flaw
There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system errors, but may cause personal information leakage...
CVE-2021-22308
CVE-2021-22308 affects Huawei EMUI/Magic UI on Huawei smartphones, involving a business logic error that allows malicious apps to continuously capture screenshots in the background, potentially leaking personal information. The reports describe the vulnerability as a local issue with low official...
CVE-2021-22308
There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system errors, but may cause personal information leakage...
Huawei EMUI/Magic UI 安全漏洞
Huawei Emui is an Android-based mobile operating system. Huawei Magic UI is the operating system for Honor phones. Huawei EMUI/Magic UI is vulnerable to business logic errors, which can be exploited by attackers to cause personal information leakage...
OpenMage: Very long names on demo.openmage.org could redirect victim users to malicious url redirects via email contacts.
Summary: We found that the maximum length of the first and last name fields was not set to 32 characters at registration and to 1000 characters when using the profile update form. The attacker can use this method as a malware attack, the user will redirect to a website that contains malware or...
Nextcloud: [nextcloud.com] Control character allowed in Submit Question
Issue descriptions We found that the maximum length of the first and last name fields was not set to 32 characters at registration and to 1000 characters when using the profile update form. The attacker can use this method as a malware attack, the user will redirect to a website that contains...
SUSE-SU-2021:0097-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-20934: Fixed a use-after-free in shownumastats because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c bsc1179663. -...
Vulnerability of the /processReportGetter.php component of the KTS “Mayak” system, which allows a hacker to gain access to and read arbitrary files.
The vulnerability of the /processReportGetter.php component of the KTS “Mayak” is related to errors in the logic of the web application’s operation. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to and read arbitrary files...
Business Logic Errors in braitsch/node-login
Description node-login is a template for quickly building login systems on top of Node.js & MongoDB. The business logic which updates account details fails to verify if the provied email is associated with another account. Proof of Concept 1. Navigate to /signup and Create two accounts with data...
: Parallels RAS OS Command Execution
1. Advisory Information Title : Parallels RAS OS Command Execution Advisory ID : CORE-2020-0011 Advisory URL:https://www.coresecurity.com/core-labs/advisories/parallels-ras-os-command-execution Date published : 2020-07-23 Date of last update : 2020-07-21 Vendors contacted : Parallels Release mode...
Siemens SIMOTICS, Desigo, APOGEE, and TALON
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: Siemens Equipment: SIMOTICS, Desigo, APOGEE, and TALON Vulnerability: Business Logic Errors 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...
Node.js third-party modules: Prototype pollution attack (lodash)
I would like to report a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype. Module module name: lodash version: 4.17.15 npm page: https://www.npmjs.com/package/lodash Module Description A modern JavaScript utility library delivering...
CVE-2014-0147
CVE-2014-0147 affects QEMU before 1.6.2, where a logic error with signed data types during QCOW2 snapshot creation (impacting QCOW2 and disk image formats used by Bochs) can cause a crash by incorrectly calling update_refcount(). Root cause is a signed data type/logical error in snapshot handling...
CVE-2019-11156
Logic errors in IntelR PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, denial of service, and information disclosure via local access...
Information disclosure
Logic errors in IntelR PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, denial of service, and information disclosure via local access...
CVE-2019-11156
Summary: CVE-2019-11156 affects Intel PROSet/Wireless WiFi Software before version 21.40. The issue is described as logic errors that may allow an authenticated, local attacker to escalate privileges, cause a denial of service, and disclose information. Affected software: Intel PROSet/Wireless Wi...
CVE-2019-11156
Logic errors in IntelR PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, denial of service, and information disclosure via local access...