140 matches found
CVE-2023-29747
Story Saver for Instagram - Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can use the method to modify the data in any SharedPreference file; these data will be loaded into the memory when the...
Out-of-bounds
The facial recognition TA of some products has an out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service...
CVE-2022-48478
CVE-2022-48478 affects Huawei HarmonyOS facial recognition TA; multiple connected sources confirm a missing memory length verification in the facial recognition component, which can cause the facial recognition service to throw exceptions. The CVE is rated CRITICAL (CVSS 9.8) with network attack ...
CVE-2022-48478
The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service...
CVE-2022-48479
The facial recognition TA of some products has an out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service...
GHSA-R8QR-WWG3-2R85 Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions
Impact: Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.30, 3.9.27, 3.10.1...
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions
Impact: Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. Affected versions: Saleor ≥ 2.0.0. Workarounds: None. For more information: If you...
CVE-2023-26051
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated...
CVE-2023-26052 Saleor is vulnerable to unauthenticated information disclosure via Python exceptions
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated...
CVE-2023-26051 Saleor is vulnerable to staff-authenticated error message information disclosure via Python exceptions
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated...
CVE-2023-26051
Summary of CVE-2023-26051 (Saleor): Saleor is vulnerable to information disclosure via unhandled internal Python exceptions that may be returned in API error messages. The leakage can reveal sensitive data such as user email addresses in staff-authenticated requests. This issue has been addresse...
CVE-2022-46323
Huawei HarmonyOS is affected by CVE-2022-46323, a memory out-of-bounds write vulnerability in the OS that can lead to system service exceptions. The CVSS v3.1 score is 9.8 (CRITICAL) with network attack vector, no user interaction, and high impacts on confidentiality, integrity, and availability....
Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
Impact: Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. Applications that do not use this feature are not affected. Patches: Upgrade to 7.9.0. Workarounds: Catch and discard any exceptions from...
GHSA-C4PM-63CG-9J7H Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
Impact: Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. Applications that do not use this feature are not affected. Patches: Upgrade to 7.9.0. Workarounds: Catch and discard any exceptions from...
RLSA-2022:7593 Moderate: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. Security Fixes: python: mailcap: findmatch function does not sanitize the second argument CVE-2015-20107. For more details abo...
ALSA-2022:7593 Moderate: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. Security Fixes: python: mailcap: findmatch function does not sanitize the second argument CVE-2015-20107. For more details abo...
CVE-2022-3500
A vulnerability was found in keylime. This issue occurs due to improperly handled exceptions. A rogue agent could potentially create errors on the verifier that stopped attestation attempts for that host, leaving it in an attested state but not verified...
What's New in InsightIDR: Q3 2022 in Review
This Q3 2022 recap post takes a look at some of the latest investments we've made to InsightIDR to drive detection and response forward for your organization. 360-degree XDR and attack surface coverage with Rapid7 The Rapid7 XDR suite — flagship InsightIDR, alongside InsightConnect SOAR, and Thre...
CVE-2022-34740
The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation...
Buffer overflow
The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation...