Prior to version 1.2.0, there is a potential for a mutation cross-site scripting vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized.
A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously crafted requests that would crash the ObjectNode and deny other users from using it.
The root cause of the vulnerability was that CubeFS used raw string comparison of passwords.
The vulnerability has been patched in v3.3.1.
Published 2023-12-29 CVSS Score 5.5 Source & Patch Info CVE-2023-51431 3836d913-7555-4dd0-a509-f5667fdf5fe4
PrimaryVendor - Product hihonor - vmall Description Some Honor products are affected by an information leak vulnerability; successful exploitation could cause the information leak.
Published 2023-12-29 CVSS Score 5.5 Source & Patch Info CVE-2023-23437 3836d913-7555-4dd0-a509-f5667fdf5fe4
PrimaryVendor - Product hitachi energy - multiple products Description A vulnerability exists in the Relion update package signature validation.
An attacker could exploit the vulnerability by first gaining access to the system with security privileges and then attempting to update the IED with a malicious update package.
The vulnerability results from lack of protection for sensitive information during transmission.
Qcalagent Description An OS command injection vulnerability has been reported to affect QcalAgent.
If exploited, the vulnerability could allow authenticated users to execute commands via a network.
Qts/quts hero Description An OS command injection vulnerability has been reported to affect several QNAP operating system versions.
If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
Qumagie Description A cross-site scripting vulnerability has been reported to affect QuMagie.
If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
Video station Description A SQL injection vulnerability has been reported to affect Video Station.
If exploited, the vulnerability could allow users to inject malicious code via a network.
Versions prior to 3.9.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view component gem.
Cn PrimaryVendor - Product zte - zxcloud irai Description There is a local privilege escalation vulnerability in ZTE's ZXCLOUD iRAI. Attackers with regular user privileges can create a fake process to escalate local privileges.
Cn PrimaryVendor - Product zte - zxcloud irai Description There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Because the program fails to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.
Cn PrimaryVendor - Product zte - zxcloud irai Description There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.
Cn PrimaryVendor - Product zte - zxcloud irai Description There is a command injection vulnerability in ZTE's ZXCLOUD iRAI. Because the program fails to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.
This Cyber News was published on www.cisa.gov. Publication date: Mon, 08 Jan 2024 20:43:03 +0000