| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-22423 | Hig | 0.51 | 7.8 | 0.00 | Aug 3, 2021 | A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. Local attackers may exploit this vulnerability to cause integer overflow. | ||
| CVE-2021-22422 | Hig | 0.51 | 7.8 | 0.00 | Aug 3, 2021 | A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. | ||
| CVE-2021-22421 | Hig | 0.51 | 7.8 | 0.00 | Aug 3, 2021 | A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to cause further Elevation of Privileges. | ||
| CVE-2021-22420 | Hig | 0.51 | 7.8 | 0.00 | Aug 3, 2021 | A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist mechanism is missing.. | ||
| CVE-2021-22418 | Hig | 0.51 | 7.8 | 0.00 | Aug 3, 2021 | A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. | ||
| CVE-2021-22416 | Hig | 0.51 | 7.8 | 0.00 | Aug 3, 2021 | A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution. | ||
| CVE-2019-14453 | Hig | 0.57 | 8.8 | 0.01 | Aug 3, 2021 | An issue was discovered in Comelit "App lejos de casa (web)" 2.8.0. It allows privilege escalation via modified domus and logged fields, related to js/bridge.min.js and login.json. For example, an attacker can achieve high privileges (installer or administrator) for the… | ||
| CVE-2021-32814 | Hig | 0.00 | 8.8 | 0.02 | Aug 3, 2021 | Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched… | ||
| CVE-2021-37557 | Hig | 0.60 | 8.8 | 0.29 | Aug 3, 2021 | A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter. | ||
| CVE-2021-37556 | Hig | 0.02 | 8.8 | 0.29 | Aug 3, 2021 | A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end… | ||
| CVE-2021-36763 | Hig | 0.49 | 7.5 | 0.01 | Aug 3, 2021 | In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. | ||
| CVE-2021-33486 | Hig | 0.49 | 7.5 | 0.01 | Aug 3, 2021 | All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions. | ||
| CVE-2021-31504 | Hig | 0.51 | 7.8 | 0.01 | Aug 3, 2021 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a… | ||
| CVE-2021-31503 | Hig | 0.51 | 7.8 | 0.01 | Aug 3, 2021 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a… | ||
| CVE-2021-32772 | Hig | 0.57 | 8.8 | 0.02 | Aug 3, 2021 | Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from… | ||
| CVE-2021-31630 | Hig | 0.59 | 8.8 | 0.27 | Aug 3, 2021 | Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application. | ||
| CVE-2021-27954 | Hig | 0.53 | 8.2 | 0.01 | Aug 3, 2021 | A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to force the device to connect to a SSID or cause a denial… | ||
| CVE-2021-27953 | Hig | 0.49 | 7.5 | 0.02 | Aug 3, 2021 | A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request. | ||
| CVE-2021-21553 | Hig | 0.47 | 7.3 | 0.00 | Aug 3, 2021 | Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading… | ||
| CVE-2021-32811 | Hig | 0.42 | 7.5 | 0.02 | Aug 2, 2021 | Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and… | ||
| CVE-2021-34637 | Hig | 0.57 | 8.8 | 0.01 | Aug 2, 2021 | The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the ~/php/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5. | ||
| CVE-2021-34632 | Hig | 0.57 | 8.8 | 0.01 | Aug 2, 2021 | The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1. | ||
| CVE-2021-34628 | Hig | 0.57 | 8.8 | 0.01 | Aug 2, 2021 | The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including… | ||
| CVE-2021-27943 | Hig | 0.49 | 7.5 | 0.01 | Aug 2, 2021 | The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a threat actor to forcefully pair the device, leading to remote control of the TV… | ||
| CVE-2021-21866 | Hig | 0.51 | 7.8 | 0.02 | Aug 2, 2021 | A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a… | ||
| CVE-2021-21865 | Hig | 0.51 | 7.8 | 0.01 | Aug 2, 2021 | A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to… | ||
| CVE-2021-21864 | Hig | 0.51 | 7.8 | 0.02 | Aug 2, 2021 | A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a… | ||
| CVE-2021-37848 | Hig | 0.00 | 7.5 | 0.02 | Aug 2, 2021 | common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison. | ||
| CVE-2021-37847 | Hig | 0.00 | 7.5 | 0.02 | Aug 2, 2021 | crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification. | ||
| CVE-2021-35450 | Hig | 0.47 | 7.2 | 0.02 | Aug 2, 2021 | A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute | ||
| CVE-2021-3673 | Hig | 0.49 | 7.5 | 0.02 | Aug 2, 2021 | A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS. | ||
| CVE-2021-33198 | Hig | 0.49 | 7.5 | 0.03 | Aug 2, 2021 | In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. | ||
| CVE-2021-33196 | — | Hig | 0.49 | 7.5 | 0.03 | Aug 2, 2021 | In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. | |
| CVE-2021-33195 | Hig | 0.48 | 7.3 | 0.03 | Aug 2, 2021 | Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. | ||
| CVE-2021-22447 | Hig | 0.49 | 7.5 | 0.01 | Aug 2, 2021 | There is an Improper Check for Unusual or Exceptional Conditions Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset. | ||
| CVE-2021-22446 | Hig | 0.49 | 7.5 | 0.01 | Aug 2, 2021 | There is an Information Disclosure Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset. | ||
| CVE-2021-22445 | Hig | 0.49 | 7.5 | 0.01 | Aug 2, 2021 | There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset. | ||
| CVE-2021-29696 | Hig | 0.47 | 7.2 | 0.03 | Aug 2, 2021 | IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | ||
| CVE-2021-22443 | Hig | 0.49 | 7.5 | 0.01 | Aug 2, 2021 | There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause random address access. | ||
| CVE-2021-22442 | Hig | 0.49 | 7.5 | 0.00 | Aug 2, 2021 | There is an Improper Validation of Integrity Check Value Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset. | ||
| CVE-2021-22428 | Hig | 0.53 | 8.1 | 0.01 | Aug 2, 2021 | There is an Incomplete Cleanup Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass. | ||
| CVE-2021-22427 | Hig | 0.53 | 8.1 | 0.01 | Aug 2, 2021 | There is a Heap-based Buffer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass. | ||
| CVE-2021-22415 | Hig | 0.49 | 7.5 | 0.01 | Aug 2, 2021 | There is an Incorrect Calculation of Buffer Size Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause kernel exceptions with the code. | ||
| CVE-2021-22414 | Hig | 0.49 | 7.5 | 0.01 | Aug 2, 2021 | There is a Memory Buffer Errors Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset. | ||
| CVE-2021-22413 | Hig | 0.49 | 7.5 | 0.01 | Aug 2, 2021 | There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset. | ||
| CVE-2021-22412 | Hig | 0.49 | 7.5 | 0.01 | Aug 2, 2021 | There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause random kernel address access. | ||
| CVE-2021-22396 | Hig | 0.51 | 7.8 | 0.00 | Aug 2, 2021 | There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products. Successful exploit will cause privilege escalation.Affected product… | ||
| CVE-2021-22392 | Hig | 0.49 | 7.5 | 0.01 | Aug 2, 2021 | There is an Incorrect Calculation of Buffer Size in Huawei Smartphone.Successful exploitation of this vulnerability may cause verification bypass and directions to abnormal addresses. | ||
| CVE-2021-22391 | Hig | 0.49 | 7.5 | 0.01 | Aug 2, 2021 | There is an Incorrect Calculation of Buffer Size in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset. | ||
| CVE-2021-22384 | Hig | 0.53 | 8.1 | 0.01 | Aug 2, 2021 | There is an Information Disclosure Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass. |
- risk 0.51cvss 7.8epss 0.00
A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. Local attackers may exploit this vulnerability to cause integer overflow.
- risk 0.51cvss 7.8epss 0.00
A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.
- risk 0.51cvss 7.8epss 0.00
A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to cause further Elevation of Privileges.
- risk 0.51cvss 7.8epss 0.00
A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist mechanism is missing..
- risk 0.51cvss 7.8epss 0.00
A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.
- risk 0.51cvss 7.8epss 0.00
A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Comelit "App lejos de casa (web)" 2.8.0. It allows privilege escalation via modified domus and logged fields, related to js/bridge.min.js and login.json. For example, an attacker can achieve high privileges (installer or administrator) for the…
- risk 0.00cvss 8.8epss 0.02
Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched…
- risk 0.60cvss 8.8epss 0.29
A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter.
- risk 0.02cvss 8.8epss 0.29
A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end…
- risk 0.49cvss 7.5epss 0.01
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
- risk 0.49cvss 7.5epss 0.01
All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.
- risk 0.51cvss 7.8epss 0.01
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a…
- risk 0.51cvss 7.8epss 0.01
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a…
- risk 0.57cvss 8.8epss 0.02
Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from…
- risk 0.59cvss 8.8epss 0.27
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
- risk 0.53cvss 8.2epss 0.01
A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to force the device to connect to a SSID or cause a denial…
- risk 0.49cvss 7.5epss 0.02
A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request.
- risk 0.47cvss 7.3epss 0.00
Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading…
- risk 0.42cvss 7.5epss 0.02
Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and…
- risk 0.57cvss 8.8epss 0.01
The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the ~/php/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5.
- risk 0.57cvss 8.8epss 0.01
The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1.
- risk 0.57cvss 8.8epss 0.01
The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including…
- risk 0.49cvss 7.5epss 0.01
The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a threat actor to forcefully pair the device, leading to remote control of the TV…
- risk 0.51cvss 7.8epss 0.02
A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a…
- risk 0.51cvss 7.8epss 0.01
A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to…
- risk 0.51cvss 7.8epss 0.02
A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a…
- risk 0.00cvss 7.5epss 0.02
common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison.
- risk 0.00cvss 7.5epss 0.02
crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification.
- risk 0.47cvss 7.2epss 0.02
A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute
- risk 0.49cvss 7.5epss 0.02
A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS.
- risk 0.49cvss 7.5epss 0.03
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
- risk 0.49cvss 7.5epss 0.03
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
- risk 0.48cvss 7.3epss 0.03
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
- risk 0.49cvss 7.5epss 0.01
There is an Improper Check for Unusual or Exceptional Conditions Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
- risk 0.49cvss 7.5epss 0.01
There is an Information Disclosure Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
- risk 0.49cvss 7.5epss 0.01
There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
- risk 0.47cvss 7.2epss 0.03
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
- risk 0.49cvss 7.5epss 0.01
There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause random address access.
- risk 0.49cvss 7.5epss 0.00
There is an Improper Validation of Integrity Check Value Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
- risk 0.53cvss 8.1epss 0.01
There is an Incomplete Cleanup Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass.
- risk 0.53cvss 8.1epss 0.01
There is a Heap-based Buffer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass.
- risk 0.49cvss 7.5epss 0.01
There is an Incorrect Calculation of Buffer Size Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause kernel exceptions with the code.
- risk 0.49cvss 7.5epss 0.01
There is a Memory Buffer Errors Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
- risk 0.49cvss 7.5epss 0.01
There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
- risk 0.49cvss 7.5epss 0.01
There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause random kernel address access.
- risk 0.51cvss 7.8epss 0.00
There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products. Successful exploit will cause privilege escalation.Affected product…
- risk 0.49cvss 7.5epss 0.01
There is an Incorrect Calculation of Buffer Size in Huawei Smartphone.Successful exploitation of this vulnerability may cause verification bypass and directions to abnormal addresses.
- risk 0.49cvss 7.5epss 0.01
There is an Incorrect Calculation of Buffer Size in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
- risk 0.53cvss 8.1epss 0.01
There is an Information Disclosure Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass.