| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap. |
| Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. |
| An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely on Authentication-Results from OpenDKIM will treat the message as having a valid DKIM signature when in fact it has none. |
| Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality. |
| Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality. |
| Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vulnerability will affect availability. |
| Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality. |
| Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality. |
| The Sepolicy module has inappropriate permission control on the use of Netlink.Successful exploitation of this vulnerability may affect confidentiality. |
| Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations. |
| Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. |
| In setting service, there is a possible undefined behavior due to incorrect error handling. This could lead to local denial of service with no additional execution privileges needed |
| In bluetooth service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed. |
| The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled old_tf_topic_name and/or new_tf_topic_name parameter. NOTE: the vendor's position is "it is the responsibility of the programmer to make sure that only known and required parameters are set and unexpected parameters are not." |
| An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. |
| An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file. |
| An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. |
| An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. |
| An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system. NOTE: the vendor's position is "it's not a vulnerability in our product." |
| An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by making use of a virtual machine (VM). This allows a file to be exchanged outside the laptop/system. VMs can be created by any user (even without admin rights). The data exfiltration can occur without any record in the audit trail of Windows events on the host machine. NOTE: the vendor's position is "it's not a vulnerability in our product." |