MediaTek Chip Security Breach

MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. A security vulnerability exists in the MediaTek chips, which stems from a lack of evaluation of the da module, which may result in out-of-bounds writes...

CVE-2023-52377

Vulnerability of input data not being verified in the cellular data module.Successful exploitation of this vulnerability may cause out-of-bounds access...

CVE-2023-52377

Vulnerability of input data not being verified in the cellular data module.Successful exploitation of this vulnerability may cause out-of-bounds access...

Out-of-bounds

Vulnerability of input data not being verified in the cellular data module.Successful exploitation of this vulnerability may cause out-of-bounds access...

CVE-2023-52377

CVE-2023-52377 affects Huawei EMUI (cellular data module). The vulnerability arises from input data not being verified, potentially enabling out-of-bounds access. Reported CVSS v3.1 base score is 7.4 (HIGH) with network attack vector, high impact on confidentiality and availability, and no user i...

CVE-2023-52377

Vulnerability of input data not being verified in the cellular data module.Successful exploitation of this vulnerability may cause out-of-bounds access...

Huawei EMUI Security Vulnerability

Huawei EMUI is an Android-based mobile operating system developed by Chinese company Huawei. A security vulnerability exists in Huawei EMUI, which originates from an input data unchecked vulnerability in the cellular data module...

Using Spring for GraphQL with Spring Data Neo4j

Introduction This is a guest blog post by Gerrit Meier from Neo4j who maintains the Spring Data Neo4j module. A few weeks ago version 1.2.0 of Spring for GraphQL was released with a bunch of new features. This also includes even better integration with Spring Data modules. Motivated by those...

SUSE CVE-2018-17572

InfluxDB 0.9.5 has Reflected XSS in the Write Data module...

The vulnerability of the import mechanism for configuration files of microprogrammed medical equipment from B. Braun Melsungen AG’s SpaceCom and B. Braun Melsungen AG’s Data Module CompactPlus allows a malicious individual to elevate their privileges to the root level.

The vulnerability of the import mechanism for configuration files of microprogrammed medical devices from B. Braun Melsungen AG SpaceCom and B. Braun Melsungen AG Data Module CompactPlus is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to elevate...

CVE-2020-25156

Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root...

CVE-2020-25166

An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper...

CVE-2020-25164

A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface...

CVE-2020-25164

A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface...

CVE-2020-25162

A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges...

CVE-2020-25168

Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module...

CVE-2020-25154

An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites...

CVE-2020-25152

A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges...

CVE-2020-25150

A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute...

Code injection

Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root...