| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication. |
| An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog. |
| An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations. |
| A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog. |
| A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation. |
| A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root. |
| Resource allocation control failure vulnerability in the ArkUI framework
Impact: Successful exploitation of this vulnerability may affect availability. |
| There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9250. |
| The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it. |
| There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32144. |
| Authentication bypass vulnerability in the DSoftBus module
Impact: Successful exploitation of this vulnerability may affect availability. |
| Wasm exception capture vulnerability in the arkweb v8 module
Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types. |
| Vulnerability that cards can call unauthorized APIs in the FRS process
Impact: Successful exploitation of this vulnerability may affect availability. |
| Permission bypass vulnerability in the media library module
Impact: Successful exploitation of this vulnerability may affect availability. |
| A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way. |
| Vulnerability of uncontrolled system resource applications in the setting module
Impact: Successful exploitation of this vulnerability may affect availability. |
| VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL. |
| Vulnerability of improper permission assignment in the note sharing module
Impact: Successful exploitation of this vulnerability may affect availability. |
| Buffer overflow vulnerability in the DFile module
Impact: Successful exploitation of this vulnerability may affect availability. |
| Bypass vulnerability in the device management channel
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |