619 matches found
HUAWEI HarmonyOS 资源管理错误漏洞
HUAWEI HarmonyOS is an operating system from the Chinese company Huawei HUAWEI. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in the HUAWEI HarmonyOS kernel that stems from a use-after-release vulnerability in a kernel module, whi...
Input validation
The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability...
Mageia: Security Advisory (MGASA-2016-0245)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-40002
The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end...
CVE-2021-37112
Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability may lead to Firmware leak...
ajaxsoundstudio.com Pyo安全漏洞
Pyo is a Python module written in C by the individual developer Olivier Belanger. It is used to help create digital signal processing scripts. ajaxsoundstudio.com A security vulnerability exists in Pyo version 1.03, which can be exploited by an attacker to conduct a denial-of-service attack by...
Huawei HarmonyOS stack buffer overflow vulnerability (CNVD-2021-99968)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A stack buffer overflow vulnerability exists in the Kernel module of Huawei HarmonyOS. An attacker can exploit this vulnerability to cause the device to beco...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS Wearables, an electronic watch from Huawei of China Huawei, is vulnerable to an improper privilege management vulnerability in the Huawei HarmonyOS Wearables cellular module. An attacker could exploit this vulnerability to cause confidentiality to be compromised...
Ansible: ansible-connection module discloses sensitive info in traceback error message
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality...
Moddable SDK 缓冲区错误漏洞
Moddable SDK is a software development kit SDK for IoT embedded software development from Moddable U.S.A. A buffer error vulnerability exists in Moddable SDK v10.5.0, which originates in the software component module /modules/network/wifi/esp/modwifi. c is vulnerable to a heap-based buffer...
Consensus Halt
github.com/cosmos/cosmos-sdk encounters a consensus halt. An attacker with the ability to send transactions on any chain with the authz module enabled can halt that chain using many Grants, with different but close expiration times as it uses non-deterministic behaviour in a ValidateBasic method ...
Oracle MySQL Cluster 输入验证错误漏洞
MySQL Cluster is a write-scalable, real-time, ACID-compatible transactional database. A security vulnerability exists in the Cluster: JS module component in Oracle MySQL Cluster 8.0.25 and earlier. An attacker can exploit this vulnerability to cause a denial of service...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-48502)
CMS Made Simple CMSMS is an open source content management system that provides developers, programmers, and website owners with a web-based version of the development and management interface. A stored cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14, which can be...
CVE-2021-21473
SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRMRFCSUBMITREPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver AB...
CVE-2021-21473
SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRMRFCSUBMITREPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver AB...
Schneider Electric IGSS 缓冲区错误漏洞
The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. An out-of-bounds write vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed multiple vulnerabilities in Visual Studio and Visual Studio Code. The vulnerabilities allow a malicious person able to execute arbitrary code under the privileges of the user. The vulnerability with reference CVE-2021-21300 has been classified by Microsoft rated "Critical" the...
Linux kernel 安全漏洞
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. An arbitrary code execution vulnerability exists in mwifiexcmd80211adhocstart in...
Odoo Cross-Site Scripting Vulnerability (CNVD-2020-74057)
Odoo is an Enterprise Resource Planning ERP and Customer Relationship Management CRM system from Odoo Belgium. The system is developed in Python language, PostgreSQL as the database, and includes modules for sales management, inventory management, financial management and so on. A cross-site...
Red Discord Bot Elevation of Privilege Vulnerability
Red Discord Bot is a modular robot written in Python by an individual developer. The bot software can be configured to accomplish different functions depending on the module. A security vulnerability exists in Red Discord Bot versions prior to 3.4.1 that stems from an unauthorized privilege...