PT-2024-3581 · Lenovo · Thinkagile +3

Name of the Vulnerable Software and Affected Versions: Lenovo ThinkSystem, ThinkAgile, NeXtScale, and Lenovo CP-CB-10 affected versions not specified SMM/SMM2 and FPC affected versions not specified Description: A command injection issue was identified in the System Management Module SMM/SMM2 and...

PT-2024-3582 · Lenovo · Thinkagile +3

Name of the Vulnerable Software and Affected Versions: Lenovo ThinkSystem, ThinkAgile, NeXtScale, and Lenovo CP-CB-10 affected versions not specified Description: The issue is related to an authentication bypass vulnerability in the System Management Module SMM/SMM2 and Fan Power Controller FPC...

Huawei HarmonyOS 安全漏洞

Huawei EMUI and Huawei HarmonyOS are both products of Huawei, a mobile operating system based on Android, and Huawei HarmonyOS, a distributed operating system developed by Huawei for the whole scenario, aiming at realizing intelligent interconnection and resource sharing among people, devices, an...

UNISOC Chipsets 安全漏洞

UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from incorrect error handling in the modem-ps-nas-ngmm module, which may result in undefined behavior...

UNISOC Chipsets 安全漏洞

UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from incorrect error handling in the ngmm module, which may result in undefined behavior...

CVE-2023-52713

Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

CVE-2024-30418

Vulnerability of insufficient permission verification in the app management module. Impact: Successful exploitation of this vulnerability will affect availability...

CVE-2024-30413

Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability...

CVE-2024-29474

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting XSS vulnerability via the User Management module...

Huawei HarmonyOS and EMUI Package Management Module Privilege Control Class Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A privilege control type vulnerability exists in the...

Yelp: Privilege Escalation - A Low Privilege User who does not have access to the user management module can remove the owner of the business account

The owner of the business account was removed by a low-privilege user who did not have access to the user management module...

The vulnerability of the Traffic Management Module of the BIG-IP access control and remote authentication solution allows a perpetrator to impersonate the SSH server of SPK Secure Shell.

The vulnerability of the Traffic Management Module of the BIG-IP access control and remote authentication solution lies in the use of strict encryption for registration data. Exploiting this vulnerability allows a malicious actor to impersonate the SSH server...

JFinalCMS 安全漏洞

JFinalCMS is a content management system. JFinalCMS suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data in the model management department, which can be exploited by an attacker to execute arbitrary Web script or HTML ...

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in Network Time Protocol (NTP)

Summary The following vulnerabilities in Network Time Protocol NTP have been addressed by IBM Flex System Chassis Management Module CMM. Vulnerability Details CVEID: CVE-2020-11868 DESCRIPTION: NTP is vulnerable to a denial of service, caused by a flaw in ntpd. By sending a server mode packet wit...

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in glib2, libxml2 and ntp

Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities in glib2, libxml2 and ntp. Vulnerability Details CVEID: CVE-2018-16429 DESCRIPTION: GNOME GLib is vulnerable to a denial of service, caused by an out-of-bounds read in gmarkupparsecontextparse in...

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in cURL (CVE-2018-14618 CVE-2018-16840 CVE-2018-16842)

Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities in cURL. Vulnerability Details CVEID: CVE-2018-14618 DESCRIPTION: cURL libcurl is vulnerable to a buffer overflow, caused by an integer overflow flaw in the Curlntlmcoremknthash internal function in...

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in GNU C Library (CVE-2018-11236)

Summary IBM Integrated Management Module II IMM2 has addressed the following vulnerability in GNU C Library. Vulnerability Details CVEID: CVE-2018-11236 DESCRIPTION: GNU glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds of checking by the pathname arguments in the...

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by First Failure Data Capture (FFDC) information disclosure (CVE-2018-9068)

Summary IBM Integrated Management Module II IMM2 has addressed the following First Failure Data Capture FFDC information disclosure vulnerability. Vulnerability Details CVEID: CVE-2018-9068 DESCRIPTION: Lenovo Integrated Management Module 2 IMM2 contains hard-coded credentials to access the SFTP...

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in GNU C Library (CVE-2015-5180 CVE-2017-15670 CVE-2017-15804)

Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities in GNU C Library. Vulnerability Details CVEID: CVE-2015-5180 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a NULL pointer dereference in the resquery function in libresolv. By...

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in curl

Summary IBM Integrated Management Module II IMM2 has addressed the following vulnerabilities in curl Vulnerability Details CVEID: CVE-2018-1000122 DESCRIPTION: curl could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the RTSP+RTP handling code. An attack...