Japan Total System Co.,ltd. Security Vulnerabilities

android source bug. in function avrc_msg_cback of avrc_api.cc

In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

[Bluetooth information disclosure vulnerability when processing AVCT_CMD of AVRC_OP_SUB_INFO]

In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for...

CVE-2021-42323

Azure RTOS Information Disclosure...

Unix Operating System Unsupported Version Detection

According to its self-reported version number, the Unix operating system running on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security...

Microsoft System Center Virtual Machine Manager Installed

System Center Virtual Machine Manager is installed on the remote Windows host. This application is used to manage virtualization hosts and their...

Some fields of the android.net.wifi.hotspot2.pps.Policy class are not validated correctly, which can lead to a fatal system crash when deserialization during OS boot

In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

[HIDL] libfmq security bug - a client may cause misaligned store and/or buffer overrun

In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...

Bluetooth security notice (VU#799380.7 TLP:AMBER)

In btm_sec_pin_code_request of btm_sec.cc, there is a possible bypass of Bluetooth pairing pin-code due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for...

Multiple Cisco Products Snort 3 HTTP Intrusion Prevention System Rule Bypass Vulnerability

Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker...

Memory overflow in btm_scn of bluetooth

In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

Out of bound write in avrc_ctrl_pars_vendor_cmd of bluetooth avrc_pars_tg

In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for...

[some bugs while processsing hidl buffer object will cause arbitrarily-address-reading problem]

In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

[GWP-ASan] Use after free in bluetooth (sdp)

In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

[Crafted AVRCP Ctrl Response Packet Causes Out-of-bounds Read in Bluetooth]

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

[Bluetooth information disclosure vulnerability in avrc_proc_vendor_command]

In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

bluetooth stack use after free, we have already implement a remote code execution

In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

Exploit for Expression Language Injection in Vmware Spring Cloud Function

CVE-2022-22963 CVE-2022-22963...

(RHSA-2024:3323) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

(RHSA-2024:3325) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

(RHSA-2024:3322) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

(RHSA-2024:3321) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

UAF problem found in wificond

In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

SonicWall Global Management System (GMS) Web Interface Detection

The web interface for a SonicWall Global Management System (GMS) was detected on the remote host. Note: HTTP basic authentication credentials are required to obtain build information from the virtual appliance status...

(RHSA-2024:3324) Important: pcp security, bug fix, and enhancement update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

Android com.android.bluetooth Use-After-Free in btm_sec_connected and btm_sec_disconnected

In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

Use after free in libbluetooth.so

In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

DotNetNuke Cookie Deserialization Remote Code Excecution

This module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 to 9.3.0-RC. Vulnerable versions store profile information for users in the DNNPersonalization cookie as XML. The expected structure includes a "type" attribute to instruct the server which type of object to...

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Exploit

...

Microsoft Brokering File System Elevation of Privilege Vulnerability

...

Kaseya Virtual System Administrator Multiple Vulnerabilities - Active Check

Kaseya Virtual System Administrator is prone to multiple...

libvirt vulnerabilities

Releases Ubuntu 24.04 LTS Packages libvirt - Libvirt virtualization toolkit Details USN-6734-1 fixed vulnerabilities in libvirt. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Alexander Kuznetsov discovered that libvirt incorrectly handled...

Selinux Fix to allow CTS Listening Ports Test to work android.appsecurity.cts.ListeningPortsTest#testNoRemotelyAccessibleListeningUdpPorts

In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

W3 Total Cache Plugin for WordPress Multiple Insecure PHP Code Inclusion Macros Remote Code Execution

The W3 Total Cache Plugin for WordPress installed on the remote host is affected by a remote PHP code execution vulnerability due to a failure to properly sanitize user-supplied input. An unauthenticated, remote attacker can submit a comment to a WordPress blog containing arbitrary PHP code. The...

Exploit for Expression Language Injection in Atlassian Confluence Data Center

......

CVE-2024-29799 WordPress WP Fast Total Search plugin <= 1.59.211 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Epsiloncool WP Fast Total Search allows Stored XSS.This issue affects WP Fast Total Search: from n/a through...

Operating System (OS) Detection (Telnet)

Telnet banner based Operating System (OS)...

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure

...

Access Restriction Bypass in go-ipfs in github.com/ipfs/go-ipfs

Access Restriction Bypass in go-ipfs in...

(RHSA-2024:3264) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

CVE-2024-23910

Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B.....

Attackers may able to persist arbitrary files in ART APEX Dalvik cache when the system is compromised

In multiple functions of odsign_main.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...

CVE-2024-25579

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit...

Microsoft System Center Operations Manager XSS Vulnerabilities (2748552)

This host is missing an important security update according to Microsoft Bulletin...

CVE-2024-0153

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware allows a local non-privileged user to make improper GPU processing operations to access a limited amount outside of buffer bounds. If....

CVE-2024-26258

OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the...

CVE-2024-0153 Mali GPU Firmware allows improper GPU processing operations

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware allows a local non-privileged user to make improper GPU processing operations to access a limited amount outside of buffer bounds. If....

OOB Write in NFC stack when handling MIFARE Classic TLVs

In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for...

CVE-2023-5580

A vulnerability classified as critical has been found in SourceCodester Library System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2024-0153

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware allows a local non-privileged user to make improper GPU processing operations to access a limited amount outside of buffer bounds. If....

CVE-2024-6418 SourceCodester Medicine Tracker System sql injection

A vulnerability classified as critical has been found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file /classes/Users.php?f=register_user. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...