Total
105 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22988 | 1 Westerndigital | 1 Edgerover | 2026-02-24 | 6.4 MEDIUM | 7.7 HIGH |
| File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to get authenticated access to the device. | |||||
| CVE-2025-58287 | 1 Huawei | 1 Harmonyos | 2025-10-16 | N/A | 7.8 HIGH |
| Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-58288 | 1 Huawei | 1 Harmonyos | 2025-10-16 | N/A | 5.5 MEDIUM |
| Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-10941 | 2025-09-30 | 6.8 MEDIUM | 7.8 HIGH | ||
| A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. Executing manipulation can lead to permission issues. The attack needs to be launched locally. You should upgrade the affected component. The vendor explains, that "this vulnerability was detected at the beginning of 2025, it was remediated because the latest published version of the installer no longer uses "nssm," which is responsible for this vulnerability". | |||||
| CVE-2025-8797 | 1 Litmuschaos | 1 Litmus | 2025-09-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in LitmusChaos Litmus up to 3.19.0 and classified as critical. This issue affects some unknown processing of the component LocalStorage Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-54618 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 5.7 MEDIUM |
| Permission control vulnerability in the distributed clipboard module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-54624 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 5.7 MEDIUM |
| Unexpected injection event vulnerability in the multimodalinput module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-6765 | 1 Intelbras | 1 Incontrol Web | 2025-08-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-53168 | 1 Huawei | 1 Harmonyos | 2025-08-12 | N/A | 5.7 MEDIUM |
| Vulnerability of bypassing the process to start SA and use related functions on distributed cameras Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera without user awareness. | |||||
| CVE-2024-13189 | 1 Zerowdd | 1 Myblog | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-8153 | 1 Huawei | 1 Vmall | 2025-04-20 | 5.8 MEDIUM | 7.1 HIGH |
| Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead to resource occupation or information leak. | |||||
| CVE-2017-2694 | 1 Huawei | 1 Vmall | 2025-04-20 | 4.3 MEDIUM | 3.3 LOW |
| The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience. | |||||
| CVE-2016-4924 | 1 Juniper | 1 Junos | 2025-04-20 | 1.7 LOW | 8.4 HIGH |
| An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8 | |||||
| CVE-2016-8214 | 1 Emc | 2 Avamar Data Store, Avamar Virtual Edition | 2025-04-20 | 4.6 MEDIUM | 6.7 MEDIUM |
| EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. | |||||
| CVE-2016-0394 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. | |||||
| CVE-2016-3022 | 1 Ibm | 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. | |||||
| CVE-2017-11463 | 1 Ivanti | 1 Endpoint Manager | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc. | |||||
| CVE-2016-4288 | 1 Bluestacks | 1 Bluestacks | 2025-04-20 | 7.2 HIGH | 8.4 HIGH |
| A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak permissions that allows users to execute arbitrary programs with SYSTEM privileges. | |||||
| CVE-2016-9462 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions. | |||||
| CVE-2016-2406 | 1 Huawei | 1 Document Security Management | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button. | |||||