
35 matches found

RedhatCVE
added 2025/12/18 11:36 p.m. | 3 views

CVE-2023-53908

HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mopsdata endpoint with a specific role value to elevate their user privileges to...

CVSS 8.7 | AI score 7 | EPSS 0.00293
Exploits: 0 | References: 1

EUVD
added 2025/12/18 12:34 a.m. | 3 views

EUVD-2023-60222

HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mopsdata endpoint with a specific role value to elevate their user privileges to...

CVSS 8.7 | AI score 6.5 | EPSS 0.00293
Exploits: 0 | References: 4

NVD
added 2025/12/17 11:15 p.m. | 3 views

CVE-2023-53908

HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mopsdata endpoint with a specific role value to elevate their user privileges to...

CVSS 8.8 | EPSS 0.00293
Exploits: 0 | References: 3

Cvelist
added 2025/12/17 10:44 p.m. | 19 views

CVE-2023-53908 HiSecOS 04.0.01 Privilege Escalation via User Role Modification

HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mopsdata endpoint with a specific role value to elevate their user privileges to...

CVSS 8.8 | EPSS 0.00293
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/17 10:44 p.m. | 2 views

CVE-2023-53908 HiSecOS 04.0.01 Privilege Escalation via User Role Modification

HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mopsdata endpoint with a specific role value to elevate their user privileges to...

CVSS 8.8 | AI score 6.6 | EPSS 0.00293
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/17 12:0 a.m. | 4 views

PT-2025-51946

Name of the Vulnerable Software and Affected Versions: HiSecOS version 04.0.01. Description: The software contains a flaw that allows authenticated users to change their access level. This is possible through specially crafted XML payloads sent to the /mops data API endpoint using NETCONF...

CVSS 8.7 | AI score 6.5 | EPSS 0.00293
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2024-54657

Malicious code in bioql PyPI...

CVSS 9 | AI score 6.6 | EPSS 0.00352
Exploits: 0 | References: 5

Tenable Nessus
added 2025/08/11 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-37846

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: arm64: mops: Do not dereference src reg for a set operation The source register is not used...

CVSS 7.1 | AI score 6.2 | EPSS 0.00225
Exploits: 0 | References: 3

RedhatCVE
added 2025/06/09 12:1 a.m. | 15 views

CVE-2024-55585

In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword...

CVSS 9 | AI score 7.2 | EPSS 0.00352
Exploits: 0 | References: 1

NVD
added 2025/06/07 7:15 p.m. | 16 views

CVE-2024-55585

In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword...

CVSS 9 | EPSS 0.00352
Exploits: 0 | References: 4

Cvelist
added 2025/06/07 12:0 a.m. | 14 views

CVE-2024-55585

In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword...

CVSS 9 | EPSS 0.00352
Exploits: 0 | References: 4

Vulnrichment
added 2025/06/07 12:0 a.m. | 4 views

CVE-2024-55585

In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword...

CVSS 9 | AI score 6.8 | EPSS 0.00352
Exploits: 0 | References: 4

CNNVD
added 2025/06/07 12:0 a.m. | 4 views

moPS App Security Vulnerability

The moPS App is a mobile app from moPS Inc. A security vulnerability exists in moPS App version 1.8.618 and prior versions, which stems from unauthenticated access to the management API endpoint and could lead to read/write privilege abuse...

CVSS 9 | AI score 6.7 | EPSS 0.00352
Exploits: 0 | References: 4

CVE
added 2025/06/07 12:0 a.m. | 98 views

CVE-2024-55585

CVE-2024-55585 affects moPS App up to version 1.8.618. The vulnerability stems from insufficient access control on administrative API endpoints, allowing unauthenticated users to perform read and write actions (example: /api/v1/users/resetpassword). The CVSS shows high impact with confidentialiti...

CVSS 9 | AI score 6.6 | EPSS 0.00352
Exploits: 0 | References: 4

SUSE CVE
added 2025/05/10 2:53 a.m. | 3 views

SUSE CVE-2025-37846

In the Linux kernel, the following vulnerability has been resolved: arm64: mops: Do not dereference src reg for a set operation The source register is not used for SET and reading it can result in a UBSAN out-of-bounds array access error, specifically when the MOPS exception is taken from a SET...

CVSS 5.5 | AI score 7.7 | EPSS 0.00225
Exploits: 0 | References: 4

NVD
added 2025/05/09 7:16 a.m. | 7 views

CVE-2025-37846

In the Linux kernel, the following vulnerability has been resolved: arm64: mops: Do not dereference src reg for a set operation The source register is not used for SET and reading it can result in a UBSAN out-of-bounds array access error, specifically when the MOPS exception is taken from a SET...

CVSS 7.1 | EPSS 0.00225
Exploits: 0 | References: 4

OSV
added 2025/05/09 7:16 a.m. | 2 views

DEBIAN-CVE-2025-37846

In the Linux kernel, the following vulnerability has been resolved: arm64: mops: Do not dereference src reg for a set operation The source register is not used for SET and reading it can result in a UBSAN out-of-bounds array access error, specifically when the MOPS exception is taken from a SET...

CVSS 7.1 | AI score 5.7 | EPSS 0.00225
Exploits: 0 | References: 1

OSV
added 2025/05/09 7:16 a.m. | 4 views

UBUNTU-CVE-2025-37846

In the Linux kernel, the following vulnerability has been resolved: arm64: mops: Do not dereference src reg for a set operation The source register is not used for SET and reading it can result in a UBSAN out-of-bounds array access error, specifically when the MOPS exception is taken from a SET...

CVSS 7.1 | AI score 6.2 | EPSS 0.00225
Exploits: 0 | References: 26

CVE
added 2025/05/09 6:41 a.m. | 83 views

CVE-2025-37846

CVE-2025-37846 (Linux kernel, arm64) is a vulnerability in the mops path that incorrectly dereferenced the source register during a SET* sequence. The root cause is that the source register (not used for SET* operations) could be read, leading to a UBSAN out-of-bounds array access when the MOPS e...

CVSS 7.1 | AI score 6.6 | EPSS 0.00225
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2025/05/09 6:41 a.m. | 16 views

CVE-2025-37846 arm64: mops: Do not dereference src reg for a set operation

In the Linux kernel, the following vulnerability has been resolved: arm64: mops: Do not dereference src reg for a set operation The source register is not used for SET and reading it can result in a UBSAN out-of-bounds array access error, specifically when the MOPS exception is taken from a SET...

EPSS 0.00225
Exploits: 0 | References: 4