213680 matches found

Prion
•added 2024/01/16 10:15 a.m.•12 views

Design/Logic Flaw

Component exposure vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service availability and integrity...

CVSS 6.4 | AI score 7.2 | EPSS 0.00378
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 10:15 a.m.•18 views

Code injection

The DownloadProviderMain module has a vulnerability in API permission verification. Successful exploitation of this vulnerability may affect integrity and availability...

CVSS 6.4 | AI score 7.1 | EPSS 0.00274
Exploits 0 | References 2 | Affected Software 1
Prion
•added 2024/01/16 10:15 a.m.•16 views

Privilege escalation

The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability...

CVSS 5 | AI score 7.5 | EPSS 0.0035
Exploits 0 | References 2 | Affected Software 1
Prion
•added 2024/01/16 10:15 a.m.•14 views

Design/Logic Flaw

Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 5 | AI score 7.1 | EPSS 0.00337
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 10:15 a.m.•15 views

Design/Logic Flaw

Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 5 | AI score 7.1 | EPSS 0.00322
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 9:15 a.m.•14 views

Denial of service

Denial of Service DoS vulnerability in the DMS module. Successful exploitation of this vulnerability will affect availability...

CVSS 5 | AI score 7.1 | EPSS 0.00379
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 9:15 a.m.•12 views

Design/Logic Flaw

Vulnerability of process priorities being raised in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability...

CVSS 5 | AI score 7.1 | EPSS 0.00379
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 9:15 a.m.•18 views

Design/Logic Flaw

Data confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity...

CVSS 5 | AI score 7.1 | EPSS 0.00277
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 9:15 a.m.•11 views

Design/Logic Flaw

Vulnerability of permissions being not strictly verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 5 | AI score 7.1 | EPSS 0.00319
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 9:15 a.m.•13 views

Design/Logic Flaw

Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device...

CVSS 5 | AI score 7.1 | EPSS 0.0035
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 9:15 a.m.•17 views

Design/Logic Flaw

The iaware module has a Use-After-Free UAF vulnerability. Successful exploitation of this vulnerability may affect the system functions...

CVSS 5 | AI score 7.2 | EPSS 0.00379
Exploits 0 | References 2 | Affected Software 1
Prion
•added 2024/01/16 8:15 a.m.•19 views

Design/Logic Flaw

Unauthorized file access vulnerability in the wallpaper service module. Successful exploitation of this vulnerability may cause features to perform abnormally...

CVSS 5 | AI score 7.1 | EPSS 0.00335
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 8:15 a.m.•12 views

Improper access control

Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality...

CVSS 5 | AI score 7.4 | EPSS 0.0035
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 8:15 a.m.•16 views

Security feature bypass

Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 5 | AI score 7.1 | EPSS 0.00319
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 8:15 a.m.•23 views

Security feature bypass

Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 5 | AI score 7.1 | EPSS 0.00319
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 8:15 a.m.•15 views

Security feature bypass

Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 5 | AI score 7.1 | EPSS 0.00173
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 8:15 a.m.•16 views

Code injection

launchAnyWhere vulnerability in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability...

CVSS 5 | AI score 7.1 | EPSS 0.00379
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 8:15 a.m.•19 views

Design/Logic Flaw

The sensor module has an out-of-bounds access vulnerability. Successful exploitation of this vulnerability may affect availability...

CVSS 5 | AI score 7.2 | EPSS 0.00379
Exploits 0 | References 2 | Affected Software 1
Prion
•added 2024/01/16 8:15 a.m.•13 views

Authorization

Authorization vulnerability in the BootLoader module. Successful exploitation of this vulnerability may affect service integrity...

CVSS 5 | AI score 7.2 | EPSS 0.00277
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 8:15 a.m.•15 views

Buffer overflow

A vulnerability, which was classified as critical, was found in EasyFTP 1.7.0.2. Affected is an unknown function of the component MKD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...

CVSS 6.5 | AI score 7.5 | EPSS 0.0351
Exploits 1 | References 3 | Affected Software 1
Prion
•added 2024/01/16 5:15 a.m.•26 views

Remote code execution

This High severity Remote Code Execution RCE vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution RCE vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker t...

CVSS 5.1 | AI score 7.8 | EPSS 0.01363
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 5:15 a.m.•19 views

Remote code execution

This High severity Remote Code Execution RCE vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution RCE vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker t...

CVSS 4.3 | AI score 7.5 | EPSS 0.01504
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 5:15 a.m.•46 views

Template injection

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server...

CVSS 7.5 | AI score 9.7 | EPSS 0.99984
Exploits 31 | References 3 | Affected Software 2
Prion
•added 2024/01/16 5:15 a.m.•19 views

Remote code execution

This High severity Remote Code Execution RCE vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution RCE vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker ...

CVSS 5 | AI score 7.8 | EPSS 0.01768
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 5:15 a.m.•19 views

Remote code execution

This High severity RCE Remote Code Execution vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high...

CVSS 5.8 | AI score 7.8 | EPSS 0.01565
Exploits 0 | References 2 | Affected Software 2
Prion
•added 2024/01/16 4:15 a.m.•25 views

Design/Logic Flaw

Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity...

CVSS 4.3 | AI score 8 | EPSS 0.00172
Exploits 0 | References 1 | Affected Software 1
Prion
•added 2024/01/16 4:15 a.m.•20 views

Design/Logic Flaw

Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service DoS condition...

CVSS 5 | AI score 6.8 | EPSS 0.00791
Exploits 0 | References 4 | Affected Software 1
Prion
•added 2024/01/16 2:15 a.m.•9 views

Design/Logic Flaw

An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component...

CVSS 6.5 | AI score 7.8 | EPSS 0.00817
Exploits 1 | References 1 | Affected Software 1
Prion
•added 2024/01/16 2:15 a.m.•17 views

Design/Logic Flaw

An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface...

CVSS 5.8 | AI score 7.5 | EPSS 0.00862
Exploits 1 | References 2 | Affected Software 1
Prion
•added 2024/01/16 2:15 a.m.•16 views

Design/Logic Flaw

An issue in mingSoft MCMS v.5.2.4 allows a remote attacker to obtain sensitive information via a crafted script to the password parameter...

CVSS 5 | AI score 6.7 | EPSS 0.01119
Exploits 1 | References 2 | Affected Software 1
Prion
•added 2024/01/16 2:15 a.m.•27 views

Input validation

An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code...

CVSS 4.3 | AI score 7.4 | EPSS 0.00256
Exploits 0 | References 3 | Affected Software 1
Prion
•added 2024/01/16 1:15 a.m.•13 views

Cross site scripting

Emlog Pro v2.1.14 was discovered to contain a cross-site scripting XSS vulnerability via the component /admin/article.php?action=write...

CVSS 5.8 | AI score 6.3 | EPSS 0.0045
Exploits 1 | References 2 | Affected Software 1
Prion
•added 2024/01/16 1:15 a.m.•15 views

Sql injection

SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component...

CVSS 6.5 | AI score 9 | EPSS 0.01239
Exploits 1 | References 2 | Affected Software 1
Prion
•added 2024/01/16 1:15 a.m.•15 views

Design/Logic Flaw

Alinto SOGo before 5.9.1 is vulnerable to HTML Injection...

CVSS 5.8 | AI score 6.8 | EPSS 0.01022
Exploits 1 | References 2 | Affected Software 1
Prion
•added 2024/01/16 1:15 a.m.•15 views

Default credentials

Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux Device Manager Agent component. This issue affects Hitachi Device Manager: before 8.8.5-04...

CVSS 5 | AI score 7.2 | EPSS 0.00444
Exploits 0 | References 1 | Affected Software 1
Prion
•added 2024/01/16 1:15 a.m.•19 views

Design/Logic Flaw

Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux Device Manager Agent modules. This issue affects Hitachi Device Manager: before 8.8.5-04...

CVSS 5 | AI score 7.2 | EPSS 0.00408
Exploits 0 | References 1 | Affected Software 1
Prion
•added 2024/01/16 1:15 a.m.•13 views

Sql injection

SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module...

CVSS 5 | AI score 7.6 | EPSS 0.01313
Exploits 2 | References 3 | Affected Software 1
Prion
•added 2024/01/16 1:15 a.m.•9 views

Information disclosure

An issue in Knovos Discovery v.22.67.0 allows a remote attacker to obtain sensitive information via the /DiscoveryReview/Service/CaseManagement.svc/GetProductSiteName component...

CVSS 4 | AI score 6.7 | EPSS 0.00803
Exploits 1 | References 2 | Affected Software 1
Prion
•added 2024/01/16 1:15 a.m.•12 views

Design/Logic Flaw

Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows Hitachi Tuning Manager server component allows local users to read and write specific files. This issue affects Hitachi Tuning Manager: before 8.8.5-04...

CVSS 3.2 | AI score 6.8 | EPSS 0.00141
Exploits 0 | References 1 | Affected Software 1
Prion
•added 2024/01/15 11:15 p.m.•16 views

Design/Logic Flaw

In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape...

CVSS 4.4 | AI score 7.3 | EPSS 0.00213
Exploits 0 | References 2 | Affected Software 1
Prion
•added 2024/01/15 8:15 p.m.•21 views

Integer overflow

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service...

CVSS 4.9 | AI score 6.8 | EPSS 0.01999
Exploits 0 | References 4 | Affected Software 1
Prion
•added 2024/01/15 7:15 p.m.•18 views

Design/Logic Flaw

A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end may schedule bandwidth estimation work after this has completed, which can result in the...

CVSS 4.3 | AI score 7.1 | EPSS 0.00254
Exploits 0 | References 4 | Affected Software 2
Prion
•added 2024/01/15 5:15 p.m.•9 views

Sql injection

A vulnerability has been found in DedeBIZ 6.3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/makehtmlfreelistaction.php. The manipulation of the argument startid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

CVSS 5.8 | AI score 7.7 | EPSS 0.00592
Exploits 1 | References 3 | Affected Software 1
Prion
•added 2024/01/15 5:15 p.m.•11 views

Cross site scripting

Cross-Site Scripting in FireEye Malware Analysis AX affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user...

CVSS 5.8 | AI score 6.4 | EPSS 0.00309
Exploits 0 | References 1 | Affected Software 1
Prion
•added 2024/01/15 5:15 p.m.•10 views

Open redirect

Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirecturi' parameter...

CVSS 5.8 | AI score 7 | EPSS 0.00292
Exploits 0 | References 1 | Affected Software 1
Prion
•added 2024/01/15 5:15 p.m.•23 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in DedeBIZ 6.3.0. This affects an unknown part of the component Website Copyright Setting. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...

CVSS 3.3 | AI score 6.3 | EPSS 0.00459
Exploits 1 | References 3 | Affected Software 1
Prion
•added 2024/01/15 5:15 p.m.•11 views

Cross site scripting

Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded...

CVSS 5.8 | AI score 6.4 | EPSS 0.00309
Exploits 0 | References 1 | Affected Software 1
Prion
•added 2024/01/15 5:15 p.m.•10 views

Cross site scripting

Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 'sfname' parameters to an authenticated user to retrieve their session details...

CVSS 5.8 | AI score 6.3 | EPSS 0.00309
Exploits 0 | References 1 | Affected Software 3
Prion
•added 2024/01/15 4:15 p.m.•15 views

Sql injection

The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin...

CVSS 5.8 | AI score 7.7 | EPSS 0.14169
Exploits 2 | References 1 | Affected Software 1
Prion
•added 2024/01/15 4:15 p.m.•13 views

Design/Logic Flaw

The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress plugin before 2.4.7 does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings...

CVSS 4 | AI score 6.9 | EPSS 0.00405
Exploits 2 | References 1 | Affected Software 1
Total number of security vulnerabilities: 213680