
1620 matches found

Prion
added 2024/02/18 7:15 a.m. · 20 views

Authentication flaw

Vulnerability of missing authentication for critical functions in the Wi-Fi module. Successful exploitation of this vulnerability may affect service confidentiality...

7.7 AI score · 0.00242 EPSS
Exploits 0 · References 2
CVE
added 2024/02/18 3:2 a.m. · 7048 views

CVE-2023-52363

CVE-2023-52363 describes a defect introduced in the design process in the Control Panel module with potential to cause app processes to start by mistake. Public sources reference Huawei HarmonyOS/EMUI context and generic design-phase vulnerability impact. The available documents do not provide co...

6.3 CVSS · 6.6 AI score · 0.00217 EPSS
Exploits 0 · References 2 · Affected Software 2
OSV
added 2024/02/14 5:15 p.m. · 29 views

CVE-2024-24989

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5 CVSS · 7.5 AI score
Exploits 0 · References 2
OSV
added 2024/02/14 5:15 p.m. · 28 views

CVE-2024-24990

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5 CVSS · 7.5 AI score
Exploits 0 · References 2
Rapid7 Blog
added 2024/02/02 8:14 p.m. · 48 views

Metasploit Weekly Wrap-Up 02/02/2024

Shared RubySMB Service Improvements: This week’s updates include improvements to Metasploit Framework’s SMB server implementation: the SMB server can now be reused across various SMB modules, which are now able to register their own unique shares and files. SMB modules can also now be executed...

7.5 CVSS · 9.6 AI score · 0.97106 EPSS
Exploits 22
OSV
added 2024/01/25 12:0 a.m. · 35 views

ALSA-2024:0464 Moderate: python-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804); urllib3: Request body not stripped after redirect from 303 status changes...

8.1 CVSS · 7.1 AI score · 0.01207 EPSS
Exploits 0 · References 6
CNVD
added 2024/01/23 12:0 a.m. · 25 views

Huawei HarmonyOS buffer overflow vulnerability (CNVD-2024-06169)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a buffer overflow vulnerability that stems from a buffer overflow vulnerability in a module. An attacker could exploit the...

9.8 CVSS · 7.4 AI score · 0.00455 EPSS
Exploits 0 · References 1
Prion
added 2024/01/19 2:15 p.m. · 11 views

SQL injection

In the module mib 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method mib::getManufacturersByCategory has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection...

7.5 CVSS · 7.9 AI score · 0.00518 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/01/19 12:0 a.m. · 14 views

CVE-2023-46351

In the module mib 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method mib::getManufacturersByCategory has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection...

9.9 AI score · 0.00518 EPSS
Exploits 0 · References 2
CVE
added 2024/01/19 12:0 a.m. · 35 views

CVE-2023-46351

The CVE-2023-46351 issue affects the mib module for PrestaShop before version 1.6.1. A guest can perform SQL injection via the mib::getManufacturersByCategory() function, triggered by a trivial HTTP request. The underlying SQL calls are sensitive, allowing an attacker to forge a SQL injection wit...

9.8 CVSS · 9.6 AI score · 0.00518 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/01/16 3:24 p.m. · 22 views

GHSA-62JR-84GF-WMG4 Default swagger-ui configuration exposes all files in the module

Impact: The default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via HTTP routes served by the module. Patches: Update to v2.1.0. Workarounds: Use the baseDir option. References: HackerOne report...

5.3 CVSS · 5.1 AI score · 0.02001 EPSS
Exploits 0 · References 5
CVE
added 2024/01/16 9:15 a.m. · 42 views

CVE-2023-52100

Technical details about CVE-2023-52100 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories to obtain affected products, scope, and remediation.

7.5 CVSS · 7.5 AI score · 0.00378 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2024/01/16 8:22 a.m. · 48 views

CVE-2023-52115

The CVE-2023-52115 entry concerns the iaware module with a Use-After-Free (UAF) vulnerability that may affect system functions. CVSS data indicate HIGH availability impact, Network attack vector, Low attack complexity, No privileges required, No user interaction. Connected documents tie this to H...

7.5 CVSS · 7.5 AI score · 0.00379 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/01/16 12:0 a.m. · 3 views

PT-2024-14400 · Huawei · Emui +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A buffer overflow vulnerability exists in the FLP module. Successful exploitation of this issue may cause an out-of-bounds read. Recommendations: At the...

9.8 CVSS · 7.5 AI score · 0.00455 EPSS
Exploits 0 · References 7
OSV
added 2024/01/10 12:0 a.m. · 37 views

ALSA-2024:0116 Moderate: python-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804); urllib3: Request body not stripped after redirect from 303 status changes...

8.1 CVSS · 7.1 AI score · 0.01207 EPSS
Exploits 0 · References 6
CNNVD
added 2024/01/05 12:0 a.m. · 2 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from an authentication class vulnerability in the module. Successful exploitation of this...

7.5 CVSS · 6.9 AI score · 0.00277 EPSS
Exploits 0 · References 4
OSV
added 2024/01/03 9:48 p.m. · 16 views

GHSA-VR7M-R9VM-M4WF PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)

Impact: The isCleanHtml method is not used on this form, which makes it possible to store an XSS in DB. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape mechanism. In FO, the XSS is effective, but only impacts the customer sending it, or the customer sessio...

5.4 CVSS · 5.7 AI score · 0.00389 EPSS
Exploits 0 · References 5
Prion
added 2023/12/31 6:15 a.m. · 20 views

Double free

Bytecode Alliance wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR before 1.3.0 can have a "double free or corruption" error for a valid WebAssembly module because pushpopframerefoffset is mishandled...

1.9 CVSS · 7.2 AI score · 0.00318 EPSS
Exploits 1 · References 3 · Affected Software 1
Github Security Blog
added 2023/12/13 11:10 p.m. · 14 views

Configuration Injection in extension "Direct Mail" (direct_mail)

The “Configuration” backend module of the extension allows an authenticated user to write arbitrary page TSConfig for folders configured as “Direct Mail”. Exploiting the vulnerability may lead to Configuration Injection (TYPO3 10.4 and above) and to Arbitrary Code Execution (TYPO3 9.5 and below). A...

7.8 AI score · 0.01517 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2023/12/12 12:0 a.m. · 2 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that stems from a type confusion issue in the V8 module...

8.8 CVSS · 9 AI score · 0.10715 EPSS
Exploits 1 · References 7