Total
5263 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-52955 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | N/A | 6.5 MEDIUM |
Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
CVE-2024-54112 | 1 Huawei | 1 Harmonyos | 2024-12-12 | N/A | 5.5 MEDIUM |
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2024-54104 | 1 Huawei | 1 Harmonyos | 2024-12-12 | N/A | 6.2 MEDIUM |
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2024-32996 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-09 | N/A | 6.2 MEDIUM |
Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
CVE-2023-52721 | 1 Huawei | 1 Harmonyos | 2024-12-09 | N/A | 6.2 MEDIUM |
The WindowManager module has a vulnerability in permission control. Impact: Successful exploitation of this vulnerability may affect confidentiality. | |||||
CVE-2017-9711 | 1 Qualcomm | 46 Mdm9206, Mdm9206 Firmware, Mdm9607 and 43 more | 2024-11-25 | N/A | 6.7 MEDIUM |
Certain unprivileged processes are able to perform IOCTL calls. | |||||
CVE-2024-5465 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.9 MEDIUM |
Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
CVE-2024-39670 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 6.2 MEDIUM |
Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
CVE-2024-21469 | 1 Qualcomm | 448 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 445 more | 2024-11-21 | N/A | 7.3 HIGH |
Memory corruption when an invoke call and a TEE call are bound for the same trusted application. | |||||
CVE-2023-52106 | 1 Huawei | 1 Harmonyos | 2024-11-21 | N/A | 4.4 MEDIUM |
Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect integrity and availability. | |||||
CVE-2023-42005 | 2024-11-21 | N/A | 7.4 HIGH | ||
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264. | |||||
CVE-2023-3599 | 1 Best Fee Management System Project | 1 Best Fee Management System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in SourceCodester Best Fee Management System 1.0. It has been rated as critical. Affected by this issue is the function save_user of the file admin_class.php of the component Add User Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-233450 is the identifier assigned to this vulnerability. | |||||
CVE-2023-39380 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally. | |||||
CVE-2023-24573 | 1 Dell | 1 Command \| Monitor | 2024-11-21 | N/A | 4.7 MEDIUM |
Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. | |||||
CVE-2023-21641 | 1 Qualcomm | 30 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 27 more | 2024-11-21 | N/A | 6.6 MEDIUM |
An app with non-privileged access can change global system brightness and cause undesired system behavior. | |||||
CVE-2022-34149 | 1 Miniorange | 1 Wp Oauth Server | 2024-11-21 | N/A | 9.8 CRITICAL |
Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. | |||||
CVE-2022-29444 | 1 Cloudways | 1 Breeze | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack. | |||||
CVE-2021-28052 | 1 Hitach | 1 Vantara | 2024-11-21 | N/A | 7.5 HIGH |
A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3. | |||||
CVE-2019-9768 | 1 Thinkst | 1 Canarytokens | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document contains a token. | |||||
CVE-2019-9637 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. |