PT-2024-2048 · Aruba · Arubaos
Name of the Vulnerable Software and Affected Versions: ArubaOS affected versions not specified. Description: The issue is related to certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE AUTH negotiation process. The scenarios in which disclosure...
CVE-2022-40742
Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute an arbitrary PHP file with an .asp file extension under specific system paths, to access and modify partial system information but does not affect service...
Twig Field Value - Moderately critical - Access bypass - SA-CONTRIB-2022-058
This module enables themers to get partial data from field render arrays. It gives them more control over the output without drilling deep into the render array or using preprocess functions. The module doesn't sufficiently apply access restrictions when using the filters fieldlabel, fieldvalue,...
AZL-41814 CVE-2022-2097 affecting package hvloader for versions less than 1.0.1-2
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
Huawei FusionCompute Encryption Issue Vulnerability
Huawei FusionCompute is a software for virtualization support from Huawei, a Chinese company. The software is a virtualization engine that provides virtualization support for cloud hosts. A security vulnerability exists in FusionCompute version 8.0.0, which can be exploited by an attacker with...
Information leakage vulnerability in multiple Huawei phones
Huawei Berlin-L21HN and Prague-AL00A are smartphone products of Huawei China. Several Huawei phones are vulnerable to information leakage. When a user connects a dangerous charging device to charge the phone, an unauthenticated attacker opens specific features of the phone by sending a carefully...
MySQL -- multiple vulnerabilities
Oracle reports: MySQL Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Access Data and Gain Elevated Privileges. A local user can exploit a flaw in the Replication component to gain elevated privileges (CVE-2018-2755). A remot...
Multiple Huawei products SFTP module out-of-bounds read vulnerability
Huawei DP300, RP200, TE series, etc. are all-in-one desktop SmartZen and all-in-one video conferencing terminal products of Huawei China Company. An out-of-bounds read vulnerability exists in the SFTP module of several Huawei products, which can be exploited by an authenticated remote attacker by...
OSIsoft PI SQL Data Access Server Input Validation Vulnerability
OVERVIEW: OSIsoft has identified an input validation vulnerability in its own PI SQL Data Access Server. OSIsoft has produced a new version of PI SQL Data Access Server OLE DB 2016 1.5 to address this issue. This vulnerability could be exploited remotely. AFFECTED PRODUCTS: Affected versions of PI...