Ricoh Company, Ltd. Security Vulnerabilities

Nethserver 7 / 8 Cross Site Scripting

...

CVE-2021-31678

An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's...

Exploit for CVE-2024-25733

ARC Browser Address Bar Spoofing - iOS/iPadOS...

ORing IAP-420 2.01e Cross Site Scripting / Command Injection Vulnerabilities

...

CVE-2023-30789

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/work endpoint and job and company...

CVE-2024-22836

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting...

CVE-2023-32071

XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has...

CVE-2023-24687

Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName...

CVE-2024-1395 Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. This.....

CVE-2024-1395

Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. This.....

ORing IAP-420 2.01e Cross Site Scripting / Command Injection

...

TeamViewer Confirms Security Breach by Russian Midnight Blizzard

TeamViewer reassures users after a security breach targeted an employee account. The company claims no customer data...

VMware vRealize Business Web UI Detection

The remote web server is running the web UI for VMware vRealize Business, an IT financial management...

CVE-2023-28574 Improper Input Validation in Core

Memory corruption in core services when Diag handler receives a command to configure event...

CVE-2024-33335

SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to execute arbitrary code via a crafted...

CVE-2023-33090

Transient DOS while processing channel information for speaker protection v2 module in...

CVE-2023-33090 Buffer Over-read in Audio

Transient DOS while processing channel information for speaker protection v2 module in...

CVE-2023-50256

Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements.....

CVE-2023-33063 Use After Free in DSP Services

Memory corruption in DSP Services during a remote call from HLOS to...

CVE-2023-33106

Memory corruption while submitting a large list of sync points in an AUX command to the...

CVE-2024-33335

SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to execute arbitrary code via a crafted...

CVE-2024-33335

SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to execute arbitrary code via a crafted...

CVE-2024-33335

SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to execute arbitrary code via a crafted...

osCommerce 4 Cross Site Scripting

...

CVE-2023-33045 Buffer Copy Without Checking Size of Input in WLAN Firmware

Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3...

CVE-2023-28571 Buffer Over-read in WLAN HOST

Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming...

CVE-2023-33078

Information Disclosure while processing IOCTL request in...

CVE-2023-33090 Buffer Over-read in Audio

Transient DOS while processing channel information for speaker protection v2 module in...

apko Exposure of HTTP basic auth credentials in log output

Summary Exposure of HTTP basic auth credentials from repository and keyring URLs in log output Details There was a handful of instances where the apko tool was outputting error messages and log entries where HTTP basic authentication credentials were exposed for one of two reasons: The%s verb was.....

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn...

CVE-2023-33048

Transient DOS in WLAN Firmware while parsing t2lm...

CVE-2023-33048 Buffer over-read in WLAN Firmware

Transient DOS in WLAN Firmware while parsing t2lm...

CVE-2023-33026 Buffer over-read in WLAN Firmware

Transient DOS in WLAN Firmware while parsing a NAN management...

The US Is Banning Kaspersky

This move has been coming for a long time. The Biden administration on Thursday said it’s banning the company from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The...

CVE-2022-40512 Buffer over-read in WLAN Firmware.

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or...

CVE-2023-33027 Buffer Over-read in WLAN Firmware

Transient DOS in WLAN Firmware while parsing rsn...

CVE-2023-24847

Transient DOS in Modem while allocating DSM...

CVE-2023-43512

Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services...

CVE-2023-33045

Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3...

CVE-2023-28571

Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming...

CVE-2023-28571 Buffer Over-read in WLAN HOST

Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming...

CVE-2023-33078 Buffer Over-read in DSP Services

Information Disclosure while processing IOCTL request in...

CVE-2023-33048 Buffer over-read in WLAN Firmware

Transient DOS in WLAN Firmware while parsing t2lm...

CVE-2023-33063

Memory corruption in DSP Services during a remote call from HLOS to...

CVE-2023-33063 Use After Free in DSP Services

Memory corruption in DSP Services during a remote call from HLOS to...

CVE-2023-33106 Use of Out-of-range Pointer Offset in Graphics

Memory corruption while submitting a large list of sync points in an AUX command to the...

CVE-2024-35537

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via...

CVE-2024-35537

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via...

CVE-2024-35537

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via...

About the security content of visionOS 1.2

About the security content of visionOS 1.2 This document describes the security content of visionOS 1.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...