| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation. |
| Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality. |
| Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality. |
| AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability. |
| The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
| The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality. |
| The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality. |
| The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability. |
| Logical defects in code implementation in some products. Successful exploitation of this vulnerability may affect the availability of some features. |
| The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability. |
| Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality. |
| The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability. |
| OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website. |
| Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY released in 2011, and Cisco Catalyst 2940 Series Switches have been retired since January 2015 |
| VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data. |
| VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host. |
| The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server. |
| An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow. |
| VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. |
| VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges. |
