66 matches found

CNNVD
added 2024/09/26 12:0 a.m. · 1 views

goTenna Pro ATAK Plugin security vulnerability

The goTenna Pro ATAK Plugin is a plugin for goTenna's device that creates a network for off-grid communication and situational awareness. A security vulnerability exists in goTenna Pro ATAK Plugin version 1.9.12 and earlier, which stems from frequent unencrypted location, place, and message...

5.3 CVSS · 6.7 AI score · 0.00072 EPSS
Exploits 0 · References 2

NVD
added 2024/06/20 11:15 a.m. · 38 views

CVE-2022-48711

In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records. The function tipc_mon_rcv allows a node to receive and process domain_record structs from peer nodes to track their views of the network topology. This patch verifies that t...

5.5 CVSS · 0.00024 EPSS
Exploits 0 · References 8

Vulnrichment
added 2024/06/20 11:13 a.m. · 33 views

CVE-2022-48711 tipc: improve size validations for received domain records

In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records. The function tipc_mon_rcv allows a node to receive and process domain_record structs from peer nodes to track their views of the network topology. This patch verifies that t...

6.8 AI score · 0.00024 EPSS
Exploits 0 · References 8

NVD
added 2024/04/16 12:15 a.m. · 9 views

CVE-2024-1601

An SQL injection vulnerability exists in the delete_discussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /delete_discussion endpoint, which internally...

9.8 CVSS · 7.7 AI score · 0.05282 EPSS
Exploits 1 · References 2

Cvelist
added 2024/02/15 10:31 p.m. · 15 views

CVE-2023-40113

In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

8.1 AI score · 0.00019 EPSS
Exploits 0 · References 2

CVE
added 2024/02/15 10:31 p.m. · 8213 views

CVE-2023-40113

CVE-2023-40113 affects the Android platform (System component) and stems from a missing permission check that allowed apps to access cross‑user message data. This enables local information disclosure without extra privileges or user interaction. Public details in the provided documents are limite...

5.5 CVSS · 6 AI score · 0.00019 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/02/15 12:0 a.m. · 2 views

PT-2024-12851 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves a missing permission check in multiple locations, allowing apps to access cross-user message data. This could lead to local informati...

5.5 CVSS · 6.3 AI score · 0.00019 EPSS
Exploits 0 · References 6

OSV
added 2023/09/06 4:15 a.m. · 2 views

CVE-2023-30719

Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data...

3.3 CVSS · 5.8 AI score · 0.00122 EPSS
Exploits 0 · References 1

Prion
added 2023/09/06 4:15 a.m. · 29 views

Information disclosure

Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data...

1.7 CVSS · 4 AI score · 0.00122 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/09/06 3:12 a.m. · 21 views

CVE-2023-30719

Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data...

4 CVSS · 4.5 AI score · 0.00122 EPSS
Exploits 0 · References 1

CVE
added 2023/09/06 3:12 a.m. · 44 views

CVE-2023-30719

CVE-2023-30719 affects Samsung InboundSmsHandler prior to SMR Sep-2023 Release 1. The vulnerability exposes sensitive message data to local attackers due to improper exposure of information in InboundSmsHandler. Affected software/versions: InboundSmsHandler before SMR Sep-2023 Release 1. Impact i...

4 CVSS · 4 AI score · 0.00122 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/08/22 12:0 a.m. · 3 views

Moodle security vulnerability

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle, which stems from an insufficient check that allows access to other users' message data...

5.5 AI score
Exploits 0 · References 1

ATTACKERKB
added 2023/05/23 2:15 a.m. · 2 views

CVE-2023-27304

Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin...

4.3 CVSS · 6 AI score · 0.0017 EPSS
Exploits 0 · References 3 · Affected Software 1

Japan Vulnerability Notes
added 2023/05/15 5:29 a.m. · 2 views

Multiple vulnerabilities in Cybozu Garoon

Overview: Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-3122: Denial-of-service (DoS) in Message (CWE-400) - CVE-2023-26595; CyVDB-3142: Operation restriction bypass vulnerability in Message and Bulletin (CWE-285) - CVE-2023-27304; CyVDB-3165: Operation...

6.5 CVSS · 6.8 AI score · 0.00349 EPSS
Exploits 0 · References 11

CNNVD
added 2023/03/22 12:0 a.m. · 1 views

Rockwell Automation ThinManager ThinServer buffer error vulnerability

Rockwell Automation ThinManager ThinServer is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers at the same time. A buffer overflow vulnerability exists in Rockwell Automation ThinManager ThinServer, which...

7.5 CVSS · 7.6 AI score · 0.17366 EPSS
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 5:52 a.m. · 2 views

SUSE CVE-2011-2501

The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of...

6.5 CVSS · 8.2 AI score · 0.02245 EPSS
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 5:18 a.m. · 2 views

SUSE CVE-2015-4103

Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields...

4.9 CVSS · 6.4 AI score · 0.00121 EPSS
Exploits 0 · References 10

CNNVD
added 2022/09/01 12:0 a.m. · 3 views

Mozilla Thunderbird cross-site scripting vulnerability

Mozilla Thunderbird is an e-mail client from the Mozilla Foundation (United States), independent of the Mozilla Application Suite. The software supports the IMAP and POP email protocols as well as the HTML email format. Mozilla Thunderbird suffers from a cross-site scripting vulnerabilit...

8.1 CVSS · 7.7 AI score · 0.00502 EPSS
Exploits 0 · References 14

wpexploit
added 2022/06/01 12:0 a.m. · 135 views

Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Create/edit a campaign such as a Black Friday one, check the "Use Opt-in / Subscription / Lead capture form" settings and put...

5.4 CVSS · 0.2 AI score · 0.00197 EPSS
Exploits 2

CNNVD
added 2021/09/10 12:0 a.m. · 2 views

Ascensio System ONLYOFFICE Document Server security vulnerability

Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations. A security vulnerability exists in versions 6.1.x through 6.3.0.71 of the Translate plug-in for...

9.8 CVSS · 8.3 AI score · 0.00433 EPSS
Exploits 0 · References 3