ALSA-2022:0267 Important: polkit security update

The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fixes: polkit: Local privilege escalation in pkexec due to incorrect handling of argument...

Huawei HarmonyOS Privilege Control Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based distributed operating system. Huawei HarmonyOS has a security vulnerability that could be exploited by attackers to affect service availability...

Huawei HarmonyOS Privilege Control Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS has a security vulnerability that could be exploited by attackers to compromise confidentiality...

CVE-2021-44159

4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in order to perform arbitrary system operations or deny of service attack...

CVE-2021-44159

4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in order to perform arbitrary system operations or deny of service attack...

CVE-2021-44159 4MOSAn GCB Doctor - Unrestricted Upload of File

4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in order to perform arbitrary system operations or deny of service attack...

CVE-2021-44159

CVE-2021-44159 concerns 4MOSAn GCB Doctor’s file upload function, where improper user privilege control allows an unauthenticated remote attacker to upload arbitrary files (including webshells) and potentially execute code, enabling arbitrary system operations or a denial of service. The vulnerab...

Huawei Emui and Magic UI incorrect privilege control vulnerability

Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. An incorrect privilege control vulnerability exists in Huawei Emui and Magic UI. An attacker could use the vulnerability to obtain certain device information...

Huawei Smartphone 权限许可和访问控制问题漏洞

Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. An incorrect privilege control vulnerability exists in Huawei Emui and Magic UI. An attacker could use the vulnerability to obtain certain device information...

Huawei Cloudengine 5800 安全漏洞

The Huawei Cloudengine 5800 is a 5800 series data center switch from Huawei of China.The Huawei Cloudengine 5800 is vulnerable to a privilege permission and access control issue, which stems from a lack of privilege restrictions, and an authenticated local attacker could perform specific actions ...

IBM Sterling File Gateway Information Disclosure Vulnerability (CNVD-2021-78441)

IBM Sterling File Gateway, an application for transferring files between internal and external partners, allows you to more securely and reliably transfer files with trading partners. an information disclosure vulnerability exists in IBM Sterling File Gateway version 2.2.0.0-6.1.1.0. The...

IBM Sterling File Gateway 安全漏洞

IBM Sterling File Gateway, an application for transferring files between internal and external partners, allows you to more securely and reliably transfer files with trading partners. an information disclosure vulnerability exists in IBM Sterling File Gateway version 2.2.0.0-6.1.1.0. The...

Ubiquiti Networks UniFi Protect Access Control Error Vulnerability

An access control error vulnerability exists in Ubiquiti Networks UniFi Protect, a network video recorder from Ubiquiti Networks, Inc. The vulnerability is caused by the product not adding effective privilege control for accessers with view-only access, network access. An attacker could use this...

Design/Logic Flaw

The management interface of BenQ smart wireless conference projector does not properly control user's privilege. Attackers can access any system directory of this device through the interface and execute arbitrary commands if he enters the local subnetwork...

CVE-2021-37911

The management interface of BenQ smart wireless conference projector does not properly control user's privilege. Attackers can access any system directory of this device through the interface and execute arbitrary commands if he enters the local subnetwork...

CVE-2021-37911

CVE-2021-37911 affects BenQ smart wireless conference projectors (data: BenQ EH600/related models). The management interface does not properly enforce user privileges, allowing an attacker on the local subnet to reach arbitrary system directories and execute commands. This is supported by NVD and...

Huawei EMUI/Magic UI Privilege Control Vulnerability

Huawei Emui is a mobile operating system developed on Android. Huawei Magic UI is the operating system for Honor phones. Huawei EMUI/Magic UI is vulnerable to a privilege control vulnerability. An attacker can exploit the vulnerability to cause execution of certain code...

Huawei Smartphone 安全漏洞

Huawei Emui is a mobile operating system developed on Android. Huawei Magic UI is the operating system for Honor phones. Huawei EMUI/Magic UI is vulnerable to a privilege control vulnerability. An attacker can exploit the vulnerability to cause execution of certain code...

ForgeRock AM code issue vulnerability

ForgeRock AM is an open source access management, privilege control platform with widespread use in universities and social organizations.ForgeRock AM is vulnerable to a code issue that could be exploited by an unauthenticated attacker to remotely execute arbitrary code by constructing a special...

Guild Wars 2 安全漏洞

Guild Wars 2 Guild Wars 2 is a role-playing computer client game. A security vulnerability exists in Guild Wars 2 launcher version 106916, which stems from improper privilege control. An authenticated attacker can use this vulnerability to modify an existing executable file with a binary of his...