
3385 matches found

CVE
added 2024/12/27 9:52 a.m. | 71 views

CVE-2020-9236

Huawei FusionCompute is affected by CVE-2020-9236 (improper interface design). The vulnerability stems from a design flaw in the module interface that can allow attackers to perform malicious operations and compromise the module service. Affected product/version: Huawei FusionCompute, with versio...

8.8 CVSS | 8.5 AI score | 0.00403 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/12/27 9:50 a.m. | 59 views

CVE-2020-9222

CVE-2020-9222 affects Huawei FusionCompute. The vulnerability is a privilege-escalation issue caused by insufficient verification of specific files during deserialization, enabling local attackers to elevate permissions. Affected product/component: Huawei FusionCompute; root cause: improper deser...

7.8 CVSS | 7 AI score | 0.00111 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/12/27 9:48 a.m. | 60 views

CVE-2020-9211

CVE-2020-9211 refers to an out-of-bounds read/write vulnerability in Huawei smartphones. The issue arises because a module does not sufficiently verify input, enabling denial of service through crafted configuration changes. Affected product: Huawei smartphone software; root cause: inadequate inp...

7.2 CVSS | 6.3 AI score | 0.00241 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/12/27 9:36 a.m. | 60 views

CVE-2020-9082

CVE-2020-9082 is described across multiple sources as an information-disclosure vulnerability in smartphones caused by a logic-judgment error that, if an attacker gains ADB access, enables operations on the device and access to data from apps protected by Applock. The core impact is information e...

4.6 CVSS | 4.3 AI score | 0.00226 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/12/27 9:34 a.m. | 61 views

CVE-2020-9081

CVE-2020-9081 affects Huawei smartphones with an improper authorization vulnerability that could allow bypassing app lock when performing a series of operations in a specific mode. The issue is associated with HWPSIRT-2019-12144. Public documents describe the affected product class as Huawei smar...

6.8 CVSS | 4 AI score | 0.00196 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/12/27 9:23 a.m. | 76 views

CVE-2020-9080

CVE-2020-9080 affects Huawei smartphone products. The issue is an improper privilege management vulnerability allowing a local, authenticated attacker to craft specific input to achieve local privilege escalation. CVSSv3.1 base score 7.8 (HIGH) with LOCAL attack vector, LOW attack complexity, LOW...

7.8 CVSS | 7.4 AI score | 0.00127 EPSS
Exploits 0 | References 1 | Affected Software 1
Debian CVE
added 2024/12/24 6:48 p.m. | 58 views

CVE-2022-21505

In the Linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover case...

6.7 CVSS | 6.2 AI score | 0.002 EPSS
Exploits 0
CVE
added 2024/12/24 6:48 p.m. | 315 views

CVE-2022-21505

CVE-2022-21505: In the Linux kernel IMA, enabling appraisal with ima_appraise=log can bypass lockdown on systems where Secure Boot is disabled or unavailable. IMA blocks ima_appraise=log via boot params when Secure Boot is enabled, but this protection does not cover lockdown used without Secure B...

6.7 CVSS | 7 AI score | 0.002 EPSS
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2024/12/22 12:0 a.m. | 1 views

TreasureHunt injection vulnerability

TreasureHunt is a TreasureHuntGame open source automated problem generation tool and challenge-based competition for teaching computer security. An injection vulnerability exists in TreasureHunt version 963e0e0 and prior versions, which stems from the fact that incorrect manipulation of the...

9.8 CVSS | 6.8 AI score | 0.00515 EPSS
Exploits 0 | References 3
CVE
added 2024/12/20 1:54 a.m. | 101 views

CVE-2022-32203

CVE-2022-32203 describes a command-injection vulnerability in Huawei terminal printer products. The issue allows high-privilege code execution on the printer after exploitation over the network (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base 9.8). The root cause is described as insufficient...

9.8 CVSS | 9.6 AI score | 0.01146 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/12/20 1:52 a.m. | 113 views

CVE-2022-32144

CVE-2022-32144 concerns Huawei CV81-WDM FW, which has an Insufficient Input Validation vulnerability. The core issue is input validation failing in Huawei products, enabling potential network-based abuse that could cause service abnormality. CNVD/CNNVD/PTSecurity references identify Huawei CV...

8.6 CVSS | 8.5 AI score | 0.00167 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/12/20 1:50 a.m. | 62 views

CVE-2020-9250

CVE-2020-9250 describes an insufficient authentication vulnerability in some Huawei smartphones (HWPSIRT-2019-12302). An unauthenticated, local attacker can craft a software package to exploit due to insufficient verification, potentially impacting the service. Affected product: Huawei smartphone...

3.3 CVSS | 4 AI score | 0.00118 EPSS
Exploits 1 | References 1 | Affected Software 1
CVE
added 2024/12/19 8:28 p.m. | 935 views

CVE-2024-2201

CVE-2024-2201 describes a cross-privilege Spectre v2 vulnerability affecting Linux kernels on Intel systems, enabling a local attacker to bypass mitigations (including Fine IBT) and potentially leak arbitrary kernel memory. The issue is grounded in the kernel’s handling of Spectre v2 defenses and...

4.7 CVSS | 6.7 AI score | 0.08555 EPSS
Exploits 0 | References 9
OSV
added 2024/12/19 12:15 p.m. | 11 views

CVE-2024-45818

The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the virtual VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired past the return from the function that acquired it. This behavior results in a problem when emulatin...

6.5 CVSS | 6.8 AI score
Exploits 0 | References 3
CVE
added 2024/12/19 10:57 a.m. | 67 views

CVE-2021-26115

CVE-2021-26115 describes an OS command injection in FortiWAN up to version 4.5.7 (and earlier) affecting the FortiWAN Command Line Interface. The flaw allows a local, authenticated, unprivileged attacker to escalate privileges to root by executing a specially crafted command due to improper input...

7.8 CVSS | 8.1 AI score | 0.00788 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/12/19 10:57 a.m. | 76 views

CVE-2020-12820

Affected software: FortiOS 6.0.10 and below and 5.6.12 and below, with the issue in the FortiClient NAC daemon (fcnacd). Root cause: stack-based buffer overflow under non-default configurations could be triggered by a large FortiClient file name, when an attacker is authenticated to the SSL VPN. ...

8.8 CVSS | 6.2 AI score | 0.00862 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/12/19 7:40 a.m. | 77 views

CVE-2020-12819

FortiGate SSL VPN vulnerability CVE-2020-12819 is a heap-based buffer overflow in the handling of Link Control Protocol (LCP) messages. A remote attacker with valid SSL VPN credentials could crash the SSL VPN daemon by sending a large LCP packet when tunnel mode is enabled. Arbitrary code executi...

7.5 CVSS | 6 AI score | 0.0077 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/12/19 1:10 a.m. | 76 views

CVE-2024-35141

CVE-2024-35141 affects IBM Security Verify Access Docker 10.0.0–10.0.6. Root cause: execution of unnecessary privileges enables local privilege escalation. Impact: local attacker could escalate privileges (high). IBM bulletins indicate fixes in 10.0.7/FP0 or later; remediation is to upgrade to th...

7.8 CVSS | 7.7 AI score | 0.00228 EPSS
Exploits 1 | References 2 | Affected Software 1
CVE
added 2024/12/19 12:44 a.m. | 91 views

CVE-2022-33954

IBM Robotic Process Automation (RPA) versions 21.0.1–21.0.3 are affected by CVE-2022-33954 due to insufficient protection of credentials, allowing a user with physical access to obtain sensitive information. The vulnerability stems from weak credential protection mechanisms and can lead to inform...

4.6 CVSS | 4.4 AI score | 0.00237 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/12/19 12:22 a.m. | 83 views

CVE-2021-39081

IBM Cognos Analytics Mobile for Android 1.1.14 is affected by CVE-2021-39081, due to weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The issue impact is limited to the Android app and could affect confidentiality (C: High) with no integrity/av...

7.5 CVSS | 5.7 AI score | 0.00323 EPSS
Exploits 0 | References 1 | Affected Software 1