| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity. |
| Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability. |
| Vulnerability of improper permission control in the print module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Information disclosure may occur due to improper permission and access controls to Video Analytics engine. |
| Permission control vulnerability in the HDC module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the AMS module.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Vulnerability of improper criterion security check in the card module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Vulnerability of improper permission control in the print module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156. |
| Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability. |
| Permission control vulnerability in the Settings module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Configuration defect vulnerability in the file management module.
Impact: Successful exploitation of this vulnerability may affect app data confidentiality and integrity. |
| Permission control vulnerability in the Wi-Fi module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the App Lock module.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Permission control vulnerability in the startup recovery module.
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
| Permission control vulnerability in the print module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object. |
| Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818. |
| Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js. |
