Code injection
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave that can compromise confidentiality of enclave data via APIs that accept invalid pointers...
CVE-2019-18619
The CVE-2019-18619 entry concerns the synaTee component of Synaptics Fingerprint (WBF) drivers that use Intel SGX. All versions prior to 2019-11-15 are affected. The root cause is incorrect parameter validation that allows a local attacker to execute arbitrary code inside the SGX enclave by passi...
CVE-2019-18619
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave that can compromise confidentiality of enclave data via APIs that accept invalid pointers...
CVE-2020-9255
Huawei Honor 10 smartphones with versions earlier than 10.0.0.178C00E178R1P4 have a denial of service vulnerability. A certain service in the system does not sufficiently validate a certain parameter which is received; the attacker should trick the user into installing a malicious application,...
CVE-2020-9259
Huawei Honor V30 smartphones with versions earlier than 10.1.0.212C00E210R5P1 have an improper authentication vulnerability. The system does not sufficiently validate a certain parameter passed from the bottom level; the attacker should trick the user into installing a malicious application and...
Authentication flaw
Huawei Honor V30 smartphones with versions earlier than 10.1.0.212C00E210R5P1 have an improper authentication vulnerability. The system does not sufficiently validate a certain parameter passed from the bottom level; the attacker should trick the user into installing a malicious application and...
CVE-2020-7826
EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the...
CVE-2020-3345
A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could...
Huawei Honor V30 Inappropriate Authentication Vulnerability
Huawei Honor V30 is a smartphone from the Chinese company Huawei. A security vulnerability exists in Huawei Honor V30 versions prior to 10.1.0.212 C00E210R5P1, which stems from the program's failure to properly validate parameters. An attacker can exploit the vulnerability with the help of ...
Huawei Honor 10 Denial of Service Vulnerability
Huawei Honor 10 is a smartphone product from the Chinese company Huawei. A security vulnerability exists in Huawei Honor 10 versions prior to 10.0.0.178 C00E178R1P4, which stems from the program failing to properly validate parameters. An attacker can exploit the vulnerability to cause a...
Buffer overflow vulnerability in multiple Huawei products (CNVD-2020-52407)
Huawei IPS Module and others are products of Huawei, China. Huawei IPS Module is an Intrusion Prevention System (IPS) module. NGFW Module is a Next-Generation Firewall (NGFW) module. Secospace USG6600 is a Next-Generation Firewall product. A buffer overflow vulnerability exists in multiple Huawei...
IBM WebSphere Application Server and Liberty Information Disclosure Vulnerability
IBM WebSphere Application Server (WAS) and IBM WebSphere Application Server Liberty are both products of IBM Corporation in the U.S. IBM WebSphere Application Server is an application server product. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM...
Mitel Networks MiVoice Connect UCB Component Code Execution Vulnerability
Mitel Networks MiVoice Connect is Mitel Networks Canada's software for centralized management of Mitel Networks' call handling and collaboration tools. A remote code execution vulnerability exists in the UCB component of Mitel Networks MiVoice Connect prior to version 19.1 SP1, which stems from...
CVE-2020-10514
iCatch DVR firmware before 20200103 does not validate function parameters properly, resulting in attackers executing arbitrary commands...
OS Command Injection
strong-nginx-controller is vulnerable to OS command injection. Lack of validation and sanitization of the action parameter allows an attacker to inject and execute arbitrary OS commands via the nginxCmd function...
Rivet Killer Control Center Elevation of Privilege Vulnerability
Rivet Killer Control Center is a computer performance optimization and control software. The program mainly supports application checking and setting priorities. A security vulnerability has been identified in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004...
Huawei Honor V10 Buffer Overflow Vulnerability
Huawei Honor V10 is a smartphone product from the Chinese company Huawei. A buffer overflow vulnerability exists in Huawei Honor V10 versions prior to BKL-AL20 10.0.0.156 C00E156R2P4 and prior to BKL-L09 10.0.0.146 C432E4R1P4, which stems from a failure to adequately validate incoming...
CVE-2014-5138
Innovative Interfaces Sierra Library Services Platform 1.23 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule...
Design/Logic Flaw
Innovative Interfaces Sierra Library Services Platform 1.23 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule...