EUVD-2021-34126

Malicious code in bioql PyPI...

CVE-2025-0087

In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-0087

In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-6788

A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password...

CVE-2024-28135

A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected...

CVE-2023-43532

Memory corruption while reading ACPI config through the user mode app...

CVE-2021-46756

Insufficient validation of inputs in SVCMAPUSERSTACK in the ASP AMD Secure Processor bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity...

CVE-2021-4289

A vulnerability classified as problematic was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. Affected by this vulnerability is the function post of the file omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java of the component...

Cross site scripting

A vulnerability classified as problematic was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. Affected by this vulnerability is the function post of the file omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java of the component...

CVE-2021-4289 OpenMRS openmrs-module-referenceapplication User App Page UserAppPageController.java post cross site scripting

A vulnerability classified as problematic was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. Affected by this vulnerability is the function post of the file omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java of the component...

CVE-2021-4289 OpenMRS openmrs-module-referenceapplication User App Page UserAppPageController.java post cross site scripting

A vulnerability classified as problematic was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. Affected by this vulnerability is the function post of the file omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java of the component...

OpenMRS 跨站脚本漏洞

OpenMRS is an open source electronic medical record system from OpenMRS, Inc. in the United States. OpenMRS openmrs-module-referenceapplication A cross-site scripting vulnerability exists in OpenMRS openmrs-module-referenceapplication versions prior to 2.12.0, which originates in the component Us...

PT-2022-11734 · Openmrs · Openmrs

Name of the Vulnerable Software and Affected Versions: OpenMRS openmrs-module-referenceapplication versions up to 2.11.x Description: A vulnerability was found in the function post of the file omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java of...

AMD System Management Unit 信息泄露漏洞

The AMD System Management Unit SMU is a system management unit of AMD Corporation. A security vulnerability exists in the AMD System Management Unit that originates from the use of a malicious or corrupted user application UApp or AGESA bootloader ABL to filter arbitrary memory from the ASP stage...

Cross site scripting

Cross-site scripting XSS vulnerability in the Novell User Application 3.0.1, 3.5.0, and 3.5.1; and Identity Manager Roles Based Provisioning Module 3.6.0 and 3.6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...