The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access. Date published : 2022-05-13 https://consumer.huawei.com/en/support/bulletin/2022/5/ https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202205-0000001245813162
The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier. Date published : 2022-05-13 https://consumer.huawei.com/en/support/bulletin/2022/5/ https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202205-0000001245813162
Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens the terminal or activates...
Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files. Date published : 2022-05-13 https://github.com/201206030/novel-plus/issues/62
mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information. Date published : 2022-05-13 Version 8.20.0 released – Security Update! https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03
mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system. Date published : 2022-05-13 Version 8.20.0 released – Security Update! https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03
mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories. Date published : 2022-05-13 Version 8.20.0 released – Security Update! https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03
mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information. Date published : 2022-05-13 Version 8.20.0 released – Security Update! https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03
Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service. Date published : 2022-05-13 https://www.br-automation.com/downloads_br_productcatalogue/assets/1625405588264-en-original-1.0.pdf
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. Date published : 2022-05-13 https://github.com/badboycxcc/XSS
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via ctpms/admin/?page=user/manage_user&id=. Date published : 2022-05-13 https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/covid-19-travel-pass-management-system/SQLi-6.md
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/applications/update_status.php?id=. Date published : 2022-05-13 https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/covid-19-travel-pass-management-system/SQLi-5.md
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/view_application&id=. Date published : 2022-05-13 https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/covid-19-travel-pass-management-system/SQLi-4.md
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=delete_application. Date published : 2022-05-13 https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/covid-19-travel-pass-management-system/SQLi-1.md