19 matches found
CVE-2018-19418
Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control...
EUVD-2021-26348
Malware in sbrugna...
EUVD-2021-23576
Malware in sbrugna...
EUVD-2022-3216
Malicious code in bioql PyPI...
POST File - Critical - Cross Site Scripting, Arbitrary PHP code execution - SA-CONTRIB-2024-060
The module creates an endpoint on the site at /postfile/upload that accepts a POST request for uploading a single file into a specified file system (public, private, etc.). This module accepts any uploaded file extension, including dangerous file formats so it can be used to bypass the...
CVE-2024-41160
CVE-2024-41160 affects OpenHarmony v4.1.0 and earlier. The vulnerability is described as a use-after-free that allows a local attacker to upgrade the common permission to root and leak sensitive information. The available documents confirm the affected software and the malicious outco...
cloud-init security, bug fix, and enhancement update
23.1.1-11.0.2 - Fix Oracle Datasource network and getdata methods for OCI OL Orabug: 35950168 23.1.1-11.0.1 - Increase retry value and add timeout for OCI Orabug: 35329883 - Fix log file permission Orabug: 35302969 - Update detection logic for OL distros in config template Orabug: 34845400 - Adde...
CVE-2023-30918
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...
Design/Logic Flaw
There is an improper security permission configuration vulnerability on ACPU. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability...
CVE-2021-39992
CVE-2021-39992 affects Huawei EMUI (Android-based) via a vulnerability in ACPU caused by a security privilege misconfiguration. The issue potentially allows code execution with high impact on confidentiality, integrity, and availability, given the CVSS 3.1 metrics (LOCAL access, LOW privileges re...
CVE-2018-19418
Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control...
CVE-2018-19418
Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control...
Command injection
Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control...
CVE-2018-19418
Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control...
CVE-2018-19418
CVE-2018-19418 affects Foxit PDF ActiveX/SDK ActiveX prior to 5.5.1. Root cause: lack of security permission control leading to remote code execution via command injection. Exploitation notes vary across sources; SRC-2019-0009 indicates user interaction is required (user must open a malicious fil...
Elasticsearch Information Disclosure Vulnerability (CNVD-2020-60336)
Elasticsearch is an open source, distributed, RESTful search engine built on Lucene, from the Netherlands-based company Elasticsearch. The product is mainly used in cloud computing, and supports data indexing via HTTP using JSON. security is one of the data protection components. An information...
Security fix for the ALT Linux 10 package firefox-esr version 60.1.0-alt1
June 26, 2018 Andrey Cherepanov 60.1.0-alt1 - New ESR version 60.1.0. - Fixed: + CVE-2018-12359 Buffer overflow using computed size of canvas element + CVE-2018-12360 Use-after-free when using focus + CVE-2018-12361 Integer overflow in SwizzleData + CVE-2018-12362 Integer overflow in SSSE3 scaler...
Design/Logic Flaw
Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlag...
CVE-2013-2048
ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands...