Tenda AX9 Security Vulnerability
Tenda AX9 is a Wi-Fi 6 router from Tenda China. A command execution vulnerability exists in Tenda AX9 version V22.03.01.46, which is caused by the "mac" parameter in /goform/setModules not properly filtering constructed command special characters, commands, etc. This vulnerability can be exploite...
Huawei HarmonyOS Multi-User Module Authorization Issue Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from an authorization issue vulnerability that stems from improper privilege management in multi-user modules. An attacker could...
com.qwlabs.doraemon:feature-flags (>=0.2.257 <=0.2.290), com.qwlabs.doraemon:graphql (>=0.2.282 <=0.2.290) +10 more potentially affected by CVE-2023-6393 via io.quarkus:quarkus-cache (>=3.3.0.CR1 <=3.5.1)
io.quarkus:quarkus-cache MAVEN version =3.3.0.CR1, =0.2.257, =0.2.282, =0.2.281, =0.2.282, =0.2.257, =0.2.257, =0.2.257, =3.3.0.CR1, =3.3.0.CR1, =3.3.0.CR1, =3.3.0.CR1, =3.3.0.CR1, =3.5.1 Source cves: CVE-2023-6393 Source advisory: OSV:GHSA-XFV5-JQGP-VQHJ...
com.qwlabs.doraemon:feature-flags (>=0.2.239 <=0.2.256), com.qwlabs.doraemon:q-api (>=0.2.239 <=0.2.256) +8 more potentially affected by CVE-2023-6393 via io.quarkus:quarkus-cache (>=3.2.0.CR1 <=3.2.8.Final)
io.quarkus:quarkus-cache MAVEN version =3.2.0.CR1, =0.2.239, =0.2.239, =0.2.239, =0.2.239, =3.2.0.CR1, =3.2.0.CR1, =3.2.0.CR1, =3.2.0.CR1, =3.2.0.CR1, =2.0.17, =2.1.0-BETA-7 Source cves: CVE-2023-6393 Source advisory: OSV:GHSA-XFV5-JQGP-VQHJ...
DEBIAN-CVE-2023-45285
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
GO-2023-2383 Command 'go get' may unexpectedly fallback to insecure git in cmd/go
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
Information Disclosure
microsoft/microsoft-graph is vulnerable to Information Disclosure. The vulnerability exists in the phpinfo function of GetPhpInfo.php, allowing an attacker to access unauthorized system information such as configuration details, modules, and environment variables. This vulnerability is only...
[SECURITY] Fedora 39 Update: perl-5.38.2-502.fc39
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...
Google Golang Security Vulnerability
Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hoare's Communicating Sequential Processes (CSP), and other languages with a...
UBUNTU-CVE-2023-45285
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component is a graphics driver component from Microsoft Corporation USA. An information disclosure vulnerability exists in Microsoft Graphics Component msgraph-sdk-php that originates from a vulnerability that allows an attacker to craft HTTP requests to be able to access syste...
Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component is a graphics driver component from Microsoft Corporation USA. An information disclosure vulnerability exists in Microsoft Graphics Component microsoft-graph-core that originates from a vulnerability that allows an attacker to craft HTTP requests to be able to access...
aero.champ:cargojson (=1.0), africa.absa:inception-application (>=1.1.0 <=1.2.0) +35990 more potentially affected by CVE-2023-6378 via ch.qos.logback:logback-core (>=0.2.5 <=1.2.12)
ch.qos.logback:logback-core MAVEN version =0.2.5, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =0.0.86, =0.0.86, =0.0.86, =0.15, =0.15, =0.15, =0.23 and more Source cves: CVE-2023-6378 Source advisory: OSV:GHSA-VMQ6-5M68-F53M...
am.ik.access-logger:access-logger (>=0.1.0 <=0.1.2), cn.herodotus.engine:event-core (=3.0.1.0) +618 more potentially affected by CVE-2023-34055 via org.springframework.boot:spring-boot-actuator (>=3.0.0 <=3.0.12)
org.springframework.boot:spring-boot-actuator MAVEN version =3.0.0, =0.1.0, =0.1.2 - cn.herodotus.engine:event-core =3.0.1.0 - cn.herodotus.engine:event-message-spring-boot-starter =3.0.1.0 - cn.herodotus.engine:event-pay-spring-boot-starter =3.0.1.0 -...
Default credentials
In the module "CSV Feeds PRO" csvfeeds 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to overly permissive access control that does not force the administrator to set a password on feeds, a guest can access exports from the module, which can lead t...
CVE-2023-46355
CVE-2023-46355: CSV Feeds PRO (PrestaShop) affects the Bl Modules csvfeeds module prior to version 2.6.1. The root cause is overly permissive access control that does not require an administrator to authenticate when accessing feeds, allowing guests to download exports and potentially leak personal da...
UBUNTU-CVE-2023-30581
The use of `__proto__` in `process.mainModule.__proto__.require` can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and v20. Please note that at the time...
CVE-2023-41699 Payara Platform: URL Redirection to untrusted site using FORM authentication
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded Servlet Implementation modules allows Redirect Access to Libraries. This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.4...
kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route
There are 3 CVEs for the use-after-free flaw found in net/sched/cls_fw.c in the classifiers cls_fw, cls_u32, and cls_route in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. A local user could use any of these flaws to crash the system or potentially escalate their privileges on the system...
The vulnerabilities of the input/output modules in the Rsyslog software utility for logging processing allow a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the input/output modules of the Rsyslog log processing software is related to insufficient handling of the format string. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...