35 matches found
CVE-2023-53908
HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mopsdata endpoint with a specific role value to elevate their user privileges to...
EUVD-2023-60222
HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mopsdata endpoint with a specific role value to elevate their user privileges to...
CVE-2023-53908
HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mopsdata endpoint with a specific role value to elevate their user privileges to...
CVE-2023-53908 HiSecOS 04.0.01 Privilege Escalation via User Role Modification
HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mopsdata endpoint with a specific role value to elevate their user privileges to...
CVE-2023-53908 HiSecOS 04.0.01 Privilege Escalation via User Role Modification
HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mopsdata endpoint with a specific role value to elevate their user privileges to...
PT-2025-51946
Name of the Vulnerable Software and Affected Versions HiSecOS version 04.0.01 Description The software contains a flaw that allows authenticated users to change their access level. This is possible through specially crafted XML payloads sent to the /mops data API endpoint using NETCONF...
EUVD-2024-54657
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-37846
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: arm64: mops: Do not dereference src reg for a set operation The source register is not used...
CVE-2024-55585
In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword...
CVE-2024-55585
In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword...
CVE-2024-55585
In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword...
CVE-2024-55585
In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword...
moPS App 安全漏洞
The moPS App is a mobile app from moPS Inc. A security vulnerability exists in moPS App version 1.8.618 and prior versions, which stems from unauthenticated access to the management API endpoint and could lead to read/write privilege abuse...
CVE-2024-55585
CVE-2024-55585 affects moPS App up to version 1.8.618. The vulnerability stems from insufficient access control on administrative API endpoints, allowing unauthenticated users to perform read and write actions (example: /api/v1/users/resetpassword). The CVSS shows high impact with confidentialiti...
SUSE CVE-2025-37846
In the Linux kernel, the following vulnerability has been resolved: arm64: mops: Do not dereference src reg for a set operation The source register is not used for SET and reading it can result in a UBSAN out-of-bounds array access error, specifically when the MOPS exception is taken from a SET...
CVE-2025-37846
In the Linux kernel, the following vulnerability has been resolved: arm64: mops: Do not dereference src reg for a set operation The source register is not used for SET and reading it can result in a UBSAN out-of-bounds array access error, specifically when the MOPS exception is taken from a SET...
DEBIAN-CVE-2025-37846
In the Linux kernel, the following vulnerability has been resolved: arm64: mops: Do not dereference src reg for a set operation The source register is not used for SET and reading it can result in a UBSAN out-of-bounds array access error, specifically when the MOPS exception is taken from a SET...
UBUNTU-CVE-2025-37846
In the Linux kernel, the following vulnerability has been resolved: arm64: mops: Do not dereference src reg for a set operation The source register is not used for SET and reading it can result in a UBSAN out-of-bounds array access error, specifically when the MOPS exception is taken from a SET...
CVE-2025-37846
CVE-2025-37846 (Linux kernel, arm64) is a vulnerability in the mops path that incorrectly dereferenced the source register during a SET* sequence. The root cause is that the source register (not used for SET* operations) could be read, leading to a UBSAN out-of-bounds array access when the MOPS e...
CVE-2025-37846 arm64: mops: Do not dereference src reg for a set operation
In the Linux kernel, the following vulnerability has been resolved: arm64: mops: Do not dereference src reg for a set operation The source register is not used for SET and reading it can result in a UBSAN out-of-bounds array access error, specifically when the MOPS exception is taken from a SET...