DEBIAN-CVE-2024-9902
A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home directory. If the...
CVE-2024-51528
Vulnerability of improper log printing in the Super Home Screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality...
python: cpython: tarfile: ReDos via excessive backtracking while parsing header values
A regular expression denial of service ReDos vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...
PT-2024-34688 · Huawei · Harmonyos
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service...
CVE-2024-50078 Bluetooth: Call iso_exit() on module unload
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Call iso_exit() on module unload. If iso_init() has been called, iso_exit() must be called on module unload. Without that, the struct proto that iso_init() registered with proto_register() becomes invalid, which could cause...
PT-2024-6647 · Su +4 · Su +4
Name of the Vulnerable Software and Affected Versions: Authd PAM module versions prior to 0.3.5 Description: The issue is related to errors in privilege management, allowing a remote attacker to gain access to another user's account by executing commands such as su, sudo, or ssh and modifying the...
Drupal Two-factor Authentication (TFA) module < 1.8.0 - Unauthenticated Broken Access Control vulnerability
Unauthenticated Broken Access Control vulnerability discovered by Francesco Placella in WordPress Module Two-factor Authentication TFA versions 1.8.0...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. Huawei EMUI is Huawei's emotional operating system based on Android. Huawei HarmonyOS/EMUI suffers from an access privilege authentication vulnerability, which originates from an access privilege...
Moderate: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
PT-2024-31633 · Unknown · Wms Module
Name of the Vulnerable Software and Affected Versions: WMS module affected versions not specified Description: The issue is related to an access permission verification vulnerability in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality...
AlienVault Authenticated SQL Injection Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "AlienVault Authenticated SQL Injection Arbitrary File Read", 'Description' = %q AlienVault 4.5.0 is susceptible to an authenticated SQL injection...
webcrack Security Vulnerability
webcrack is a tool for reverse engineering javascript by the individual developer j4k0xb. A security vulnerability exists in webcrack that originates from an arbitrary file write vulnerability in the webcrack module when processing specially crafted malicious code on Windows systems...
CVE-2024-42035
Permission control vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect functionality and confidentiality...
Huawei EMUI and Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. Huawei HarmonyOS and EMUI are vulnerable to an access...
Dell iDRAC Service Module Buffer Error Vulnerability
The Dell iDRAC Service Module is a lightweight software module from Dell USA designed to run on Dell PowerEdge servers to enhance the functionality of iDRAC (Integrated Dell Remote Access Controller). An out-of-bounds write vulnerability exists in Dell iDRAC Service Module 5.3.0.0 and earlier...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from an inconsistency between the data length and count during a write operation in the nfc/nci module, where...
CVE-2024-36682
In the module "Theme settings" pkthemesettings = 1.8.8 from Promokit.eu for PrestaShop, a guest can download all emails collected while the shop is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collects emails when maintenance is enabled, which can lead t...
USN-6826-1 libapache-mod-jk vulnerability
Karl von Randow discovered that mod_jk was vulnerable to an authentication bypass. If the configuration did not provide explicit mounts for all possible proxied requests, an attacker could possibly use this vulnerability to bypass security constraints configured in httpd...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from a vulnerability in the s390/cio module...
Huawei HarmonyOS and EMUI Memory Module Out-of-Bounds Access Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. An out-of-bounds access vulnerability exists in the...