| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. |
| Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality. |
| Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality. |
| Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality. |
| The Sepolicy module has inappropriate permission control on the use of Netlink. Successful exploitation of this vulnerability may affect confidentiality. |
| Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations. |
| In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. |
| In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. |
| In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. |
| Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API. |
| The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture." |
| An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. |
| Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to consider the Apache Sling Commons Johnzon OSGi bundle provided by the Apache Sling project, but may of course use other JSON libraries. |
| The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a partial DoS of the service. Only the request of the attacker is affected by this vulnerability. |
| Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost. |
| All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials. |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Popup Maker Popup Maker – Popup for opt-ins, lead gen, & more. This issue affects Popup Maker – Popup for opt-ins, lead gen, & more: from n/a through 1.17.1. |
| Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server. |
| In vdsp device, there is a possible system crash due to improper input validation. This could lead to local denial of service with System execution privileges needed. |
| PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component. |