PT-2024-34685 · Huawei · Harmonyos
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified. Description: The issue is related to an input parameter verification vulnerability in the background service module. Successful exploitation of this vulnerability may affect availability...
PT-2024-34702 · Wave · Wave
Name of the Vulnerable Software and Affected Versions: Wave version 2.0. Description: This issue is caused by improper or missing authorization checks on certain API endpoints. An authenticated remote attacker could exploit this by manipulating API input parameters to gain unauthorized access and...
CVE-2024-9322
A vulnerability was found in code-projects Supply Chain Management 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/editmanufacturer.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploi...
The vulnerability of the hashgen_main function (in the hashgen.cpp module) of the “Red Database” database management system allows a hacker to cause errors in the operation of the hashgen utility.
The vulnerability of the hashgen_main function in the hashgen.cpp module of the “Red Database” database management system is related to incorrect processing of input parameters from the hashgen utility. Exploiting this vulnerability can allow an attacker, operating remotely, to cause the hashgen...
xfpt security vulnerability
xfpt is a program by Philip Hazel, an individual developer. It converts a UTF-8 encoded tagged source document into an XML document. A security vulnerability exists in versions prior to xfpt 1.01 that stems from a failure to properly handle certain parameters in the input data, resulting in a...
GO-2022-0928 Workflow re-write vulnerability using input parameter in github.com/argoproj/argo-workflows
Workflow re-write vulnerability using input parameter in github.com/argoproj/argo-workflows...
apollo-portal has potential unauthorized access issue
Impact: A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. Patches: The issue was addressed with an input parameter check in...
CVE-2024-43397
Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed wit...
CVE-2024-43397 Potential unauthorized access issue in apollo-portal
Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed wit...
CVE-2024-43397
CVE-2024-43397 affects Apollo’s synchronization configuration feature in the open-source Apollo configuration management system. The vulnerability allows an attacker to bypass permission checks via crafted requests, enabling modification of a namespace without the required rights. The root cause ...
CVE-2024-43397 Potential unauthorized access issue in apollo-portal
Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed wit...
Tenda O3 security vulnerability
Tenda O3 is an outdoor wireless bridge from Tenda, China. A security vulnerability exists in Tenda O3: manipulation of the parameter cmdinput in the function formexeCommand can lead to a stack-based buffer overflow, and the attack can be launched remotely. No detailed...
Command Injection
org.apache.streampark:streampark is vulnerable to Command Injection. The vulnerability is caused due to insufficient input parameter validation, allowing attackers to insert commands. Exploiting this requires system-level access via user login, thereby limiting its risk due to controlled user...
GHSA-5V69-92VW-FMJH Apache StreamPark: maven build params could trigger remote command execution
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...
CVE-2023-52291
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...
CVE-2023-52291 Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...
CVE-2024-39498
In the Linux kernel, the following vulnerability has been resolved: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 Why Commit: - commit 5aa1dfcdf0a4 "drm/mst: Refactor the flow for payload allocation/removement" accidently overwrite the commit - commit 54d217406afe "drm: use mgr-de...
CVE-2024-39498 drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2
In the Linux kernel, the following vulnerability has been resolved: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 Why Commit: - commit 5aa1dfcdf0a4 "drm/mst: Refactor the flow for payload allocation/removement" accidently overwrite the commit - commit 54d217406afe "drm: use mgr-de...
CVE-2024-39498
CVE-2024-39498 (Linux kernel) resolves a NULL pointer dereference in the DRM MST path during payload handling. The issue stemmed from an overwrite in a refactored payload allocation/removal flow, which regressed when two commits touched in drm_dp_add_payload_part2 used/modified the state input. T...
CVE-2024-39498 drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2
In the Linux kernel, the following vulnerability has been resolved: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 Why Commit: - commit 5aa1dfcdf0a4 "drm/mst: Refactor the flow for payload allocation/removement" accidently overwrite the commit - commit 54d217406afe "drm: use mgr-de...