3 matches found
Input validation
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device...
CVE-2020-5302
MH-WikiBot (an IRC bot) suffered an access-control vulnerability: unprivileged users could invoke steward commands by impersonating a privileged user’s nickname on the IRC interface due to a missing login verification. The issue has been fixed in commit 23d9d5b0a59667a5d6816fdabb960b537a5f9ed1. T...
CVE-2020-5302 unprivileged user can access priviledged action in MH-WikiBot
MH-WikiBot an IRC Bot for interacting with the Miraheze API, had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in. The issue has been fixed in...