Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI (Emotion UI) is an Android-based operating system developed by Huawei. Huawei HarmonyOS and EMUI suffer from a parameter uncheck...
CVE-2023-50921
An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the adduser interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750...
[SECURITY] Fedora 38 Update: podman-tui-0.15.0-1.fc38
podman-tui is a terminal user interface for Podman v4. podman-tui uses the podman.socket service to communicate with the podman environment and SSH to connect to remote podman machines...
Honor Magic UI Security Flaw
Honor Magic UI is an Android-based mobile operating system developed by Chinese company Honor. A security vulnerability exists in Honor Magic UI, which stems from a permission assignment error; successful exploitation may lead to information disclosure...
Honor Magic UI Security Flaw
Honor Magic UI is an Android-based mobile operating system developed by Chinese company Honor. A security vulnerability exists in Honor Magic UI, which stems from a permission assignment error; successful exploitation may lead to information disclosure...
Honor Magic UI Security Flaw
Honor Magic UI is an Android-based mobile operating system developed by Chinese company Honor. A security vulnerability exists in Honor Magic UI, which stems from a type confusion vulnerability; successful exploitation may result in a denial of service...
Fedora: Security Advisory (FEDORA-2023-20feb865d8)
The remote host is missing an update for the...
Fedora: Security Advisory for podman-tui (FEDORA-2023-cb8c606fbb)
The remote host is missing an update for the...
CVE-2022-39822
In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation...
CVE-2022-39818
In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system...
CVE-2021-38927
IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322...
PT-2023-14030 · Nokia · Nokia Nfm-T
Name of the Vulnerable Software and Affected Versions: NOKIA NFM-T version R19.9 Description: An issue exists in the VM Manager WebUI under the endpoint "/cgi-bin/R19.9/viewlog.pl" via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files due to an Absolute Path...
PT-2023-12342 · Ibm · Ibm Aspera Console
Name of the Vulnerable Software and Affected Versions: IBM Aspera Console version 3.4.0 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...
Code injection
Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via...
The vulnerability of Firefox browsers, including Firefox ESR, relates to information representation errors in the user interface, which allows attackers to carry out clickjacking attacks.
The vulnerability of Firefox browsers and Firefox ESR lies in information representation errors at the user interface level. Exploiting this vulnerability allows a remote attacker to carry out a clickjacking attack...
New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide
A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world. The activity cluster, which employs JavaScript web injections, is estimated to have led t...
HCL Technologies HCL Launch Cross-Site Scripting Vulnerability
HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, Inc. for handling the most complex deployment processes in DevOps. A security vulnerability exists in HCL Launch that stems from a vulnerability that allows an attacker to...
CVE-2023-47707
IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
PT-2023-29653 · Hcl · Hcl Launch
Name of the Vulnerable Software and Affected Versions: HCL Launch affected versions not specified Description: The issue allows a user to embed arbitrary HTML tags in the Web UI, potentially leading to sensitive information disclosure. This is due to an HTML injection vulnerability...
CVE-2023-42015
IBM UrbanCode Deploy UCD 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512...