SKYLARK HOLDINGS CO., LTD. Security Vulnerabilities

Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2016-1061)

The remote host is missing an update for the Huawei...

Debian: Security Advisory (DLA-1932-1)

The remote host is missing an update for the...

U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture

The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been targeted, including...

New Leak Shows Business Side of China’s APT Menace

A new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign...

SUSE: Security Advisory (SUSE-SU-2021:1933-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2020:14546-1)

The remote host is missing an update for...

Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass

Overview A security feature bypass vulnerability exists in signed 3rd party UEFI bootloaders that allows bypass of the UEFI Secure Boot feature. An attacker who successfully exploits this vulnerability can bypass the UEFI Secure Boot feature and execute unsigned code during the boot process....

SUSE: Security Advisory (SUSE-SU-2021:1932-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2020:3457-1)

The remote host is missing an update for...

OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly

Overview Two buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities were introduced in version 3.0.0 with the inclusion of support for punycode email address parsing for X.509 certificates. OpenSSL's assessment of the severity of the...

SUSE: Security Advisory (SUSE-SU-2021:1929-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2020:3373-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2020:3372-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2020:3514-1)

The remote host is missing an update for...

Debian: Security Advisory (DSA-3735-1)

The remote host is missing an update for the...

SUSE: Security Advisory (SUSE-SU-2021:1930-1)

The remote host is missing an update for...

talent500.co Cross Site Scripting vulnerability OBB-3757667

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Mageia: Security Advisory (MGASA-2019-0354)

The remote host is missing an update for...

Debian: Security Advisory (DLA-1807-1)

The remote host is missing an update for the...

Mageia: Security Advisory (MGASA-2016-0428)

The remote host is missing an update for...

Molongui < 4.6.20 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.6.19 due to insufficient input sanitization and output escaping. This makes it possible for....

Debian: Security Advisory (DLA-1801-1)

The remote host is missing an update for the...

Mageia: Security Advisory (MGASA-2022-0376)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2017-0046)

The remote host is missing an update for...

Debian: Security Advisory (DSA-2902-1)

The remote host is missing an update for the...

Slackware: Security Advisory (SSA:2008-180-01)

The remote host is missing an update for...

Command Execution Vulnerability in SuperMap iPortal of Beijing SuperMap Software Co.

SuperMap iPortal is a GIS portal platform for cloud computing, which enables the integration, discovery, sharing and management of various GIS resources such as maps, services, scenes and data, and also monitors multiple GIS servers within the organization to ensure the safe and stable operation...

Debian: Security Advisory (DLA-3624-1)

The remote host is missing an update for the...

Weak Password Vulnerability in MSG3100 at Resconda Technology Development Co.

MSG3100 is a box-type IP PBX product for government and enterprise customers, applicable to enterprises with less than 300 people, adopting 1U box-type design, used at the interface between enterprise internal network and access network, to meet the business needs of enterprise voice and data....

Unauthorized Access Vulnerability in ShopXO of Shanghai Zongzig Technology Co.

ShopXO is enterprise-level B2C open source e-commerce system. Ltd. ShopXO has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive...

Debian: Security Advisory (DSA-2533-1)

The remote host is missing an update for the...

chromium -- multiple security fixes

Chrome Releases reports: This update includes 17 security fixes: [1484394] High CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous on 2023-09-19 [1504936] High CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane (rebane2001) on 2023-11-24 [1496250]...

Mageia: Security Advisory (MGASA-2022-0357)

The remote host is missing an update for...

CVE-2022-4964

Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not...

Debian: Security Advisory (DSA-2736-1)

The remote host is missing an update for the...

SUSE: Security Advisory (SUSE-SU-2018:2051-1)

The remote host is missing an update for...

CVE-2024-23685 FOLIO mod-remote-storage Hard Coded Credentials

Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and...

Command Execution Vulnerability in SuperMap iServer 10i of Beijing SuperMap Software Co.

SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. A command execution vulnerability exists in SuperMap iServer 10i of Beijing SuperMap Software Co. Ltd. that can be exploited by an attacker to gain control of the...

CVE-2023-51767

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...

CVE-2023-51059

An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web...

CVE-2023-51059

An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web...

openSUSE Security Update : the Linux Kernel (openSUSE-2020-1698)

The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724). CVE-2020-24490: Fixed a heap buffer...

Mageia: Security Advisory (MGASA-2021-0272)

The remote host is missing an update for...

Unauthorized access vulnerability in SuperMap iServer of Beijing SuperMap Software Co. Ltd (CNVD-2023-61163)

SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. An unauthorized access vulnerability exists in SuperMap iServer of Beijing SuperMap Software Co. Ltd, which can be exploited by attackers to obtain sensitive...

SQL Injection Vulnerability in Electronic Document Security Management System of Beijing Yisaitong Technology Development Co., Ltd (CNVD-2024-00987)

Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...

Arbitrary File Read Vulnerability in Damon Qizi Conference Data Visualization System (DMQZDV Experience Edition) of Wuhan Damon Database Co.

Damon Qiji big data visualization system is a one-stop tool platform for big data display. An arbitrary file read vulnerability exists in the Damon Qizhi Big Data Visualization System (DMQZDV Experience Version) of Wuhan Damon Database...

Debian: Security Advisory (DLA-1771-1)

The remote host is missing an update for the...

CVE-2023-7077

Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending unintended parameters in....

Design/Logic Flaw

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through...

Unauthorized Access Vulnerability in the MEGVII Face Recognition Passing Platform of Beijing Kuangyi Technology Co.

Beijing Kuangshi Technology Co., Ltd. is an artificial intelligence company focusing on IoT scenarios. An unauthorized access vulnerability exists in the Kuangxiang MEGVII face recognition pass platform of Beijing Kuangxiang Technology Co. that can be exploited by attackers to obtain sensitive...