ESKOM Computer e-municipality module security vulnerability

ESKOM Computer e-municipality module is an application from ESKOM Inc. A security vulnerability exists in versions prior to ESKOM Computer e-municipality module v.105 that stems from improper privilege management and allows collection of user-supplied data...

Design/Logic Flaw

blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4...

GHSA-83J2-QHX2-P7JC PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block

Impact When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing...

CVE-2023-46765

Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability...

CVE-2023-46765

Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability...

Lenovo Desktops Security Breach

Lenovo Desktops are desktop computers from the Chinese company Lenovo. A security vulnerability exists in Lenovo Desktop that originates from a buffer overflow in the SmuV11DxeVMR module...

CVE-2023-46347

In the module "Step by Step products Pack" ndksteppingpack version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

IDAttend IDWeb SQL Injection Vulnerability

IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions that stems from an unauthenticated SQL injection in the GetExcursionList method...

IDAttend IDWeb Access Control Error Vulnerability

IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions, which stems from a lack of authentication in the DeleteAssignments method...

The vulnerability of the module of the virtual trusted platform for Windows operating systems, allowing a perpetrator to execute arbitrary code

The vulnerability of the virtual trusted platform module for Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

Privilege escalation

Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability...

CVE-2023-44106

API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally...

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a broadcast privilege control type vulnerability in the Bluetooth module. Successful...

CVE-2023-43663

PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit ce1f6708 addresses this issue and is included i...

Oracle Linux 8 : python27:2.7 (ELSA-2020-1605)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1605 advisory. - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect...

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a parameter checking laxity vulnerability in the module. Successful exploitation of thi...

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a service hijacking vulnerability in the module. Successful exploitation of this...

CVE-2023-39908

The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory...

Google Wear OS Security Vulnerability

Google Wear OS is a Google-developed operating system from Google, Inc. that is specifically designed for use in smartwatches, smart bands, and other wearable devices. Google Wear OS suffers from a security vulnerability that stems from the presence of uninitialized data in multiple locations of...

Linux kernel resource management error vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse issue found in the siano smsusb module.The error occurs during device initialization wh...