2123 matches found
CVE-2022-48288
CVE-2022-48288 relates to Huawei HarmonyOS, where the bundle management module exposes APIs without authentication/adequate access control. This vulnerability can lead to data confidentiality impacts if an attacker can access or manipulate bundle-related APIs. The available documents do not speci...
CVE-2022-48301
CVE-2022-48301 describes a permission verification flaw in Huawei HarmonyOS’ bundle management module. Some APIs do not verify permissions, and exploitation may restore pre-installed apps that had been uninstalled. The CVSS data indicates high impact (I:High, A:N) with network attack vector and n...
CVE-2022-24895: CSRF token fixation
Affected versions: Symfony versions >=2.0.0, <4.4.50, >=5.0.0, <5.4.20, >=6.0.0, <6.0.20, >=6.1.0, <6.1.12, and >=6.2.0, <6.2.6 of the Symfony Security Bundle are affected by this security issue. The issue has been fixed in Symfony 4.4.50, 5.4.20, 6.0.20, 6.1.12, and 6.2.6. All other versions are not...
MAL-2023-895 Malicious code in toolbox-bem-bundle (npm)
Source: ghsa-malware e7d90e4edafca946a3c4746d96347b41770e4cf2fd362e3dcaa984b69e3fc64f. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Unlock Your Potential: Get 9 Online Cyber Security Courses for Just $49.99
Are you looking to take your career in the information security industry to the next level? Look no further than the 2023 Certified Technology Professional Bundle! This unparalleled offer grants you lifetime access to nine comprehensive courses in information security, hacking, and cybersecurity ...
PaginationServiceProvider SQL injection vulnerability
PaginationServiceProvider is a library by the individual developer Takashi Kanemoto that allows KnpPaginatorBundle to be used in Silex applications. A SQL injection vulnerability exists in PaginationServiceProvider version 0.x and prior versions; it stems from incorrect handling of the paramete...
A vulnerability in the software component responsible for processing resource bundles in VMware vCenter Server allows an attacker to cause a service failure.
The vulnerability in the resource bundle processor of VMware vCenter Server (software that manages virtual infrastructure) is a loop that executes without sufficient limits on how often it runs. Exploiting this vulnerability could allow an attacker, operating...
Exploit for Path Traversal in Apache Http_Server
Exploit for Apache2: exploit for a path traversal vulnerabilit...
CVE-2022-46155
Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLEAPIKEY and...
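The Airtable.js entry above describes a build script that inlines environment variables into the transpiled bundle. The following is an added example, not code from Airtable.js or its advisory: a post-build check that compares the build environment against the emitted bundle text and fails the release if any credential-looking value was inlined. The bundle contents, the environment variable names (AIRTABLE_API_KEY, AIRTABLE_ENDPOINT_URL) and the values are constructed for illustration.

```python
import re
from typing import Dict

# Constructed sample of a transpiled bundle into which a build script inlined
# values from the build environment. Illustrative only, not Airtable.js output.
SAMPLE_BUNDLE = """
var config = { apiKey: "keyEXAMPLE0123456789", endpointUrl: "https://api.example-airtable.test" };
module.exports = { version: "0.11.5", config: config };
"""

# Constructed build environment; variable names and values are assumed for illustration.
SAMPLE_ENV = {
    "AIRTABLE_API_KEY": "keyEXAMPLE0123456789",
    "AIRTABLE_ENDPOINT_URL": "https://api.example-airtable.test",
    "CI": "true",
    "HOME": "/home/ci",
}

# Names that usually carry credentials rather than harmless configuration.
SECRET_NAME = re.compile(r"KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL", re.IGNORECASE)


def find_inlined_env(bundle_text: str, env: Dict[str, str], min_len: int = 8) -> Dict[str, str]:
    """Map each environment variable whose value appears literally in the bundle
    to a severity: 'secret' if the name looks credential-like, 'config' otherwise.
    Short values (e.g. 'true') are skipped because they match by accident."""
    findings: Dict[str, str] = {}
    for name, value in env.items():
        if len(value) < min_len or value not in bundle_text:
            continue
        findings[name] = "secret" if SECRET_NAME.search(name) else "config"
    return findings


def check_bundle(bundle_text: str, env: Dict[str, str]) -> bool:
    """Release gate: True only when no secret-looking value was inlined."""
    return not any(sev == "secret" for sev in find_inlined_env(bundle_text, env).values())


if __name__ == "__main__":
    findings = find_inlined_env(SAMPLE_BUNDLE, SAMPLE_ENV)
    print(findings)
    print("release ok" if check_bundle(SAMPLE_BUNDLE, SAMPLE_ENV) else "bundle leaks secrets")
```

In a real pipeline the check runs against the actual build output with `os.environ` as the environment; an inlined endpoint URL is worth a warning, an inlined key blocks publication. The check is a safety net, not a substitute for a build configuration that only exposes an explicit allow-list of variables to the bundler.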
unbound security, bug fix, and enhancement update
1.16.2-2 - Require openssl tool for unbound-keygen 2116802
1.16.2-1 - Update to 1.16.2 2087120
1.16.0-3 - Disable ED25519 and ED448 in FIPS mode 2079548
1.16.0-2 - Restart keygen service before every unbound start 2094336
1.16.0-1 - Update to 1.16.0 2087120
1.15.0-1 - Update to 1.15.0 2030608
-...
CVE-2022-45383
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...
Ibexa GraphQL Bundle security vulnerability
Ibexa GraphQL Bundle is Ibexa's open source GraphQL server for eZ Platform, an open source Symfony-based CMS. A security vulnerability exists in Ibexa GraphQL Bundle versions prior to 2.3.12 and 1.0.13; it stems from insecure storage of sensitive information, which results in...
CVE-2022-44795
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...
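The Object First entry above says the support-bundle URL is generated with an insecure RNG, so the URL can be predicted. The following is an added example, not code from Object First or the advisory: it models one plausible weak scheme (a Mersenne Twister PRNG seeded with the bundle's creation time), shows how an attacker who knows the approximate creation time enumerates the URL without ever seeing it, and shows the CSPRNG replacement. The token format, the seeding scheme, the attacker's time window and the host name ootbi.example are assumptions for illustration.

```python
import random
import secrets
import string
from typing import List, Optional

ALPHABET = string.ascii_lowercase + string.digits
TOKEN_LEN = 16


def weak_token(seed: int, length: int = TOKEN_LEN) -> str:
    """Assumed weak scheme: a Mersenne Twister PRNG seeded with the bundle's
    creation time in Unix seconds. Same seed, same token, so the output is
    fully determined by a value an attacker can often read from a log or guess."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_token(length: int = TOKEN_LEN) -> str:
    """Fix: draw from the OS CSPRNG. There is no seed to recover."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def bundle_url(base_url: str, token: str) -> str:
    return f"{base_url}/support-bundle/{token}"


def recover_seed(observed: str, approx_time: int, window: int = 3600) -> Optional[int]:
    """Attacker step 1: confirm the scheme. Given one URL (e.g. the attacker's own
    bundle) and its rough creation time, brute-force the seed within +/- window seconds."""
    for candidate in range(approx_time - window, approx_time + window + 1):
        if weak_token(candidate) == observed:
            return candidate
    return None


def predict_urls(base_url: str, approx_time: int, window: int = 60) -> List[str]:
    """Attacker step 2: enumerate every candidate URL for a victim's bundle whose
    creation time is known to within +/- window seconds, without seeing its token."""
    return [bundle_url(base_url, weak_token(t)) for t in range(approx_time - window, approx_time + window + 1)]


if __name__ == "__main__":
    base = "https://ootbi.example"            # hypothetical host
    victim_created = 1700003600               # constructed creation time
    victim_url = bundle_url(base, weak_token(victim_created))
    candidates = predict_urls(base, victim_created - 10)
    print(f"{len(candidates)} candidates, victim URL included: {victim_url in candidates}")
    print("CSPRNG token:", bundle_url(base, strong_token()))
```

With a one-second seed resolution a two-minute uncertainty costs the attacker 121 requests; the same enumeration against `strong_token` output has a success probability of 36^-16 per request, which is why the fix is a CSPRNG (`secrets`, `os.urandom`) rather than a larger seed window.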
ASB-A-240138318
In initializeFromParcelLocked of BaseBundle.java, there is a possible arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...