195 matches found
Improper access control
A vulnerability has been identified in syngo Dynamics (all versions prior to VA40G HF01). The syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow data to be written to any folder accessible to the account assigned to the website’s application...
CVE-2022-42734
A vulnerability has been identified in syngo Dynamics (all versions prior to VA40G HF01). The syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow data to be written to any folder accessible to the account assigned to the website’s application...
CVE-2022-42734
CVE-2022-42734 affects Siemens syngo Dynamics prior to VA40G HF01. The syngo Dynamics application server exposes a web service operation with improper write access control, enabling data writes in any folder accessible to the web app pool account. Affected versions are all
CVE-2022-42893
CVE-2022-42893 affects Siemens syngo Dynamics (all versions
Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor access control error vulnerability
The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Health. The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor has an access control error vulnerability that stems from its inability to properly control or clean the...
CVE-2021-40040
CVE-2021-40040 affects Huawei EMUI and Magic UI devices via the HW_KEYMASTER module, where a write to an arbitrary address is possible, potentially exposing confidential data. Root cause: improper handling in HW_KEYMASTER permitting uncontrolled writes. The CVSSv3.1 base score is 7.5 (HIGH) with ...
CVE-2021-40040
Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality...
Apache Geode unsafe deserialization of application objects
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are...
CVE-2022-21411
Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to...
MGASA-2022-0092 Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.25 and fixes at least the following security issues: A vulnerability in the Linux kernel since version 5.8 due to uninitialized variables. It enables anybody to write arbitrary data to arbitrary files, even if the file is O_RDONLY, immutable or on a...
CVE-2021-30323
Improper validation of maximum size of data write to EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
Qualcomm multiple products security vulnerability
Qualcomm Qca chips and others are products of Qualcomm Incorporated, a U.S. company. The Qualcomm Qca chip is a Bluetooth module chip. The Qualcomm Qcs chip is a high-performance IoT system-on-chip. The Qualcomm Sd chip is a processor...
CVE-2022-21396
Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications component: Mediation Engine. Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...
CVE-2022-21381
Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications component: WebUI. Supported versions that are affected are 8.4 and 9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise...
CVE-2022-21281
Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering component: Web Access. Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0 and 20.0.0.1. Easily exploitable vulnerability allows high privileged attacker with...
CVE-2020-22061
SUPERAntispyware v8.0.0.1050 was discovered to contain an issue in the component saskutil64.sys. This issue allows attackers to arbitrarily write data to the device via IOCTL 0x9C402140...
CVE-2020-22061
CVE-2020-22061 affects SUPERAntiSpyware v8.0.0.1050. The issue resides in the driver component saskutil64.sys and permits an attacker with local access to arbitrarily write data to the device via IOCTL 0x9C402140. CVSS data in the record indicates a local, low complexity attack with partial confi...
CVE-2021-45910
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and to some...