453 matches found
CVE-2021-30315
Improper handling of sensor HAL structure in absence of sensor can lead to use after free in Snapdragon Auto...
CVE-2021-39345
The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including...
CVE-2021-39345
The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including...
CVE-2021-39345
The CVE-2021-39345 entry concerns the WordPress HAL plugin, affected up to version 2.1.1. The vulnerability is a Stored Cross-Site Scripting flaw in wp-hal.php caused by insufficient input validation/sanitization of several parameters, exploitable by attackers with administrative access. Impact i...
CVE-2021-39345 HAL <= 2.1.1 Authenticated Stored Cross-Site Scripting
The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including...
CVE-2021-39345 HAL <= 2.1.1 Authenticated Stored Cross-Site Scripting
The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including...
WordPress 跨站脚本漏洞
WordPress plugin is a WordPress open source application plugin. WordPress plugin HAL has a cross-site scripting vulnerability that originates from several parameters in the /wp-hal.php file leading to insufficient input validation and cleanup, which can be exploited by an attacker with...
WordPress HAL plugin <= 2.1.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Thinkland Security Team in WordPress HAL plugin versions = 2.1.1. Solution Update the WordPress HAL plugin to the latest available version at least 2.2...
HAL < 2.2 - Admin+ Stored Cross-Site Scripting
The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects multi-site installations where...
CVE-2021-0540
In halWrapperDataCallback of halwrapper.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android...
CVE-2021-0547
In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional...
CVE-2021-0547
In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional...
Privilege escalation
In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional...
CVE-2021-0566
In accessAudioHalPidscpp of TimeCheck.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...
CVE-2021-0547
In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional...
CVE-2021-0547
CVE-2021-0547 concerns a local elevation-of-privilege vulnerability in Android 11. In NetInitiatedActivity.java onReceive, an attacker-controlled value can be supplied to a GPS HAL handler due to a missing permission check, enabling local privilege escalation with undefined behavior in some HAL i...
CVE-2021-0540
In halWrapperDataCallback of halwrapper.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android...
Google Android 缓冲区错误漏洞
Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An elevation of privilege vulnerability exists in Google Android halwrapper.cc. An attacker can exploit this vulnerability to escalate privileges...
CVE-2021-29452
a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make th...
CVE-2021-29452
CVE-2021-29452 : A flawed privilege check in the a12n-server HAL-Form for editing users (v0.18.0) allowed any logged-in user to edit other users. Patched in v0.18.2. Multiple connected advisories corroborate insecure access controls affecting all users of the package; remediation is upgrade to th...