| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory while parse a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust. |
| There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is caused by improper log output management. An attacker with the ability to access the log file of device may lead to information disclosure. |
| The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality. |
| The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality. |
| HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
| The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end. |
| The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable. |
| The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end. |
| A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. |
| A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. |
| A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. |
| django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) |
| kimai2 is vulnerable to Improper Access Control |
| showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
| showdoc is vulnerable to URL Redirection to Untrusted Site |
| kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| vim is vulnerable to Heap-based Buffer Overflow |
| kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine. |
