140 matches found
CVE-2024-56443
Cross-process screen stack vulnerability in the UIExtension module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2024-56443
CVE-2024-56443 describes a cross-process screen stack vulnerability in Huawei HarmonyOS UIExtension module. The available documents identify the affected component as the UIExtension module and indicate impact to service confidentiality if exploited. The CVSS data shows high confidentiality impac...
CVE-2024-56436
Cross-process screen stack vulnerability in the UIExtension module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
Huawei HarmonyOS UIExtension Module Cross-Process Screen Stack Vulnerability
Huawei HarmonyOS is an operating system from the Chinese company Huawei. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in the Huawei HarmonyOS UIExtension module, which can be exploited by attackers to compromise confidentiality...
CVE-2024-54119
Cross-process screen stack vulnerability in the UIExtension module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2024-54117
Cross-process screen stack vulnerability in the UIExtension module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2024-54110
CVE-2024-54110 describes a cross-process screen stack vulnerability in Huawei HarmonyOS’s UIExtension module. Available documents indicate potential confidentiality impact, but do not specify affected versions, root cause details, exploit status, or a fix. Monitor Huawei security bulletins for re...
CVE-2024-54104
Huawei HarmonyOS UIExtension cross-process page/screen stacking vulnerability affects the UIExtension module, with potential confidentiality impact. Root cause described as cross-process stacking, but explicit exploit details, affected versions, and a patch/fix are not provided across the connect...
GStreamer Security Vulnerability
GStreamer is an open source set of frameworks, from the GStreamer project, for processing streaming media. A security vulnerability exists in GStreamer that stems from an uninitialized stack variable in the gst_matroska_demux_add_wvpk_header function in matroska-demux.c. The vulnerability is...
Important: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 go/parser: golang: Calling any of the...
KB5043083: Windows 10 LTS 1507 Security Update (September 2024)
The remote Windows host is missing security update 5043083. It is, therefore, affected by multiple vulnerabilities - Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 initial...
CVE-2024-6874
libcurl's URL API function curl_url_get() offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack-based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message
A vulnerability has been identified in the NetworkPkg IP stack of EDK2, the open-source reference implementation of the UEFI specification. This flaw enables an unauthenticated attacker within the same network vicinity to transmit a specifically crafted DHCPv6 message. Exploiting this vulnerabili...
Tenda AC10U fromWizardHandle method stack buffer overflow vulnerability
Tenda AC10U is a dual-band Gigabit wireless router from Tenda Technology, designed for 200 megabit and above fiber optic homes, supporting 802.11ac dual-band technology 2.4GHz and 5GHz, with a theoretical WiFi rate of up to 867Mbps. The Tenda AC10U suffers from a stack buffer overflow vulnerabili...
CVE-2024-21502
Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...
CVE-2024-21502
CVE-2024-21502 affects the fastecdsa library prior to 2.3.2. The root cause is a Use of Uninitialized Variable on the stack in the curvemath_mul function (src/curveMath.c), where a value is interpreted as a user-defined type. Depending on the value, an attacker-controlled stack can cause arbitrar...
PT-2023-31891 · Unknown · Bacnet Stack
Name of the Vulnerable Software and Affected Versions: BACnet Stack versions prior to 1.3.2. Description: The issue is related to a decode function APDU buffer over-read in the bacapp_decode_application_data function in bacapp.c. This over-read occurs in versions of the BACnet Stack before 1.3.2...
EUVD-2023-58447
Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF...
Ubuntu: Security Advisory (USN-6444-1)
The remote host is missing an update for the...