442 matches found
CVE-2023-44093
CVE-2023-44093 corresponds to a Huawei HarmonyOS issue where the security module does not verify package name public keys. Affected component: security module in HarmonyOS. Root cause: unverified public keys in package names. Impact: potential confidentiality exposure if exploited. The connected ...
PT-2023-29093 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: Security module affected versions not specified Description: The issue concerns the security module where package names' public keys are not being verified. This could potentially affect service confidentiality if successfully exploited...
Huawei HarmonyOS Trust Management Issue Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a trust management issue vulnerability, which stems from the presence of a package name public key that is not verified in the...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a trust management issue vulnerability, which stems from the presence of a package name public key that is not verified in the...
CVE-2023-41307
Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability...
CVE-2023-41307
Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability...
Memory corruption
Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability...
CVE-2023-41307
Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability...
CVE-2023-41307
CVE-2023-41307 concerns a memory overwrite vulnerability in the security module of Huawei HarmonyOS. The issue is described as impacting availability when exploited, with CVSS indicating NETWORK attack vector, LOW attack complexity, no privileges required, and a HIGH availability impact. Multiple...
CVE-2023-41307
Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability...
PT-2023-27894 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: Security module affected versions not specified Description: The issue is related to a memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability. Recommendations: At the...
Huawei HarmonyOS Buffer Error Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a memory out-of-bounds vulnerability in the security module. Successful exploitation of...
PT-2023-36432 · Gnu +2 · Linux +2
Уязвимость функции aa unpack в модуле security/apparmor/policy unpack.c модуля безопасности AppArmor ядра операционной системы Linux связана с возможной утечкой памяти. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании...
PT-2023-24981 · F5 · F5 Big-Ip
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions affected versions not specified Description: The issue concerns F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards, which generate a deterministic password for the Crypto User account. This predictable password allows an...
The communication module of the Mitsubishi Electric WS0-GETH00200 security controller is vulnerable due to the lack of authentication. This allows attackers to escalate their privileges and gain access to the device.
The vulnerability of the communication module for Mitsubishi Electric WS0-GETH00200 security controllers is related to the absence of authentication. Exploiting this vulnerability allows a malicious actor to remotely increase their privileges and gain access to the device via the TELNET network...
kernel: bpf: prevent leak of lsm program after failed attach
A reference count leak was found in the BPF subsystem. When attaching a BPF LSM program to a cgroup fails validation, the program's reference count is not decremented, causing the BPF program to remain loaded indefinitely...
HashiCorp Vault 加密问题漏洞
HashiCorp Vault is a private key access management tool from HashiCorp USA. A security vulnerability exists in HashiCorp Vault Enterprise that stems from the Vault not properly applying HMAC to messages sent from the HSM when using a CBC-based encryption mechanism...
PT-2023-18357 · Hashicorp · Hashicorp Vault Enterprise
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault Enterprise versions 1.13.0 through 1.13.1 Description: The issue concerns a padding oracle attack when using an HSM in conjunction with the CKM AES CBC PAD or CKM AES CBC encryption mechanisms. An attacker with privileges to...
Exploit for SQL Injection in Prestashop
LabelGrup Networks, official PrestaShop Partner !LabelGrup L...
K35205264: Linux kernel vulnerability CVE-2018-10938
Security Advisory Description A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipsov4optptr function in net/ipv4/cipsoipv4.c leading to a denial-of-servic...