| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may cause repeated pop-up windows of the app. |
| The MC990 X and UV300 RMC component has and inadequate default configuration that could be exploited to obtain enhanced privilege. |
| A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information. |
| HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6. |
| A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include:BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta,BiSheng-WNM FW 3.0.0.325,BiSheng-WNM FW 2.0.0.211. |
| There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of this vulnerability may cause the printer service to be abnormal. |
| A Huawei sound box product has an out-of-bounds write vulnerability. Attackers can exploit this vulnerability to cause buffer overflow. Affected product versions include:FLMG-10 versions FLMG-10 10.0.1.0(H100SP22C00). |
| xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close() function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XLSX file. |
| In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
|
A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.
|
| The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection. |
| A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected. |
| An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop. |
| Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0. |
| Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7. |
| In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources. |
| Unauthorized access vulnerability in the Save for later feature provided by AI Touch.Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions. |
| In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. |
| In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. |
