61 matches found
Huawei HarmonyOS and EMUI Memory Module Out-of-Bounds Access Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. An out-of-bounds access vulnerability exists in the...
CVE-2024-31465
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type XWiki.SearchSuggestSourceClass to their user profile or any other page...
CVE-2024-25699 Portal for ArcGIS has an invalid authentication vulnerability
There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and below on Kubernetes, which under unique circumstances could allow a remote, authenticated attacker...
CVE-2024-21912
Rockwell Automation Arena Simulation Software (Arena Simulation) is affected by CVE-2024-21912 (out-of-bounds write / arbitrary code execution). The vulnerability arises from writing beyond designated memory, causing an access violation and allowing code execution when a user opens a malicious fi...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : EDK II vulnerabilities (USN-6638-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6638-1 advisory. Marc Beatove discovered buffer overflows exit in EDK2. An attacker on the local network could potentially use this to impact...
PT-2023-27545 · Sap · Sap Business Objects Installer
Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Suite Installer versions 420, 430 Description: The issue allows an attacker within the network to create a directory under a temporary directory and link it to a directory with operating system files. On successful...
Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2023-64499)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which stems from insufficient validation of input parameters by the communication system. An...
CVE-2022-48492
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS. An attacker exploiting this vulnerability could cause availability to be compromised...
Code injection
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application...
CVE-2022-41214
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integri...
CVE-2022-41214
CVE-2022-41214 affects SAP NetWeaver Application Server ABAP and ABAP Platform. The root cause, as described across multiple sources, is insufficient input validation that enables a user with high privileges to invoke a remote-enabled function to delete a file that would normally be restricted. S...
CVE-2022-43403
A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...
CVE-2022-43402
A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...
CVE-2022-34434
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to th...
Improper access control
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to th...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from a configuration flaw. An attacker exploited the vulnerability to cause availability to...
CVE-2021-42581
Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object that contains an own property "proto" as an argument to the function. NOTE: the vendor disputes this because the observe...
CVE-2021-42581
CVE-2021-42581 affects Ramda up to v0.27.0 in mapObjIndexed, enabling prototype pollution that can lead to remote code execution/integrity or availability impact (CVSS 9.8). IBM advisories reference Ramda prototype pollution and remediation via upgrading affected products, but no specific patch v...
CVE-2022-22536
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the...