25 matches found
EUVD-2006-6472
Malware in sbrugna...
EUVD-2020-12674
Malware in sbrugna...
CVE-2024-41984
A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application improperly handles error while accessing an inaccessible resource leading to exposing the system applications...
CVE-2024-41984
CVE-2024-41984 affects SmartClient modules Opcenter QL Home, SOA Audit, and SOA Cockpit (SC) with versions 13.2–2505. The root cause is improper error handling when accessing an inaccessible resource, which can expose system applications. Affected products expose limited information due to error ...
CVE-2022-48508
Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity...
CVE-2022-20399
In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
SAP KMC WPC 安全漏洞
SAP KMC WPC is a combination of enterprise content management and web publishing components from SAP. An information disclosure vulnerability exists in SAP KMC WPC, which can be exploited by an attacker to retrieve a user name via a simple parameter query, resulting in the disclosure of sensitive...
Design/Logic Flaw
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever...
CVE-2023-6660 NFS client data corruption and kernel memory disclosure
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever...
FreeBSD -- NFS client data corruption and kernel memory disclosure
Problem Description: In FreeBSD 13.2 and 14.0, the NFS client was optimized to improve the performance of IOAPPEND writes, that is, writes which add data to the end of a file and so extend its size. This uncovered an old bug in some routines which copy userspace data into the kernel. The bug also...
CVE-2022-48508
Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity...
How to instrument system applications on Android stock images
By Vitor Ventura This post is the result of research presented at Recon Montreal 2022. Two slide decks are provided along with this research . One is the presentation showing the whole process and how to do it on Google Play Protect services. The other one is a workshop on how to do it on an...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in the Google Android RestrictionsManager component that stems from a privilege bypass with a possible method to send broadcasts that should be restricted to system...
Android apps with millions of downloads exposed to high-severity vulnerabilities
Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote albeit complex or local attacks. The vulnerabilities, which affected apps...
Huawei HarmonyOS Input Validation Error Vulnerability (CNVD-2021-99964)
Huawei HarmonyOS is an operating system from Huawei, China. An input validation error vulnerability exists in the System Applications module of Huawei HarmonyOS, which provides a microkernel-based, full-scenario distributed operating system. The vulnerability stems from the program's inability to...
Huawei HarmonyOS 输入验证错误漏洞
Huawei HarmonyOS is an operating system from Huawei, China. An input validation error vulnerability exists in the System Applications module of Huawei HarmonyOS, which provides a microkernel-based, full-scenario distributed operating system. The vulnerability stems from the program's inability to...
ZXV10 B860H 安全漏洞
The ZTE ZXV10 B860H is a network set-top box from China's ZTE Corporation ZTE. A security vulnerability exists in the ZXV10 B860H, which can be exploited by an attacker due to insufficient protection of system applications may be exploited to tamper with the system desktop and affect system...
CVE-2020-1848
There is a resource management error vulnerability in Jackman-AL00D versions 8.2.0.185C00R2P1. Local attackers construct malicious application files, causing system applications to run abnormally...
SAP NetWeaver Cross-Site Scripting Vulnerability (CNVD-2020-52934)
SAP NetWeaver is an integrated application platform based on professional standards that dramatically reduces the complexity of system integration. Its components include portals, application servers, business intelligence solutions as well as system integration and data integration technologies....
Microsoft Azure Sphere uid_map UID uniqueness privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the uidmap functionality of Microsoft Azure Sphere 20.06. A specially crafted uidmap file can cause multiple applications to get the same UID assigned, thus broadening the attack surface. An attacker can modify the uidmap file to trigger this...