The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2020-18121 | A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell. | MEDIUM | Sep 2, 2021 |
| CVE-2019-6140 | A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed. | High | Apr 11, 2019 |
| CVE-2021-42761 | A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session. | -- | Feb 16, 2023 |
| CVE-2021-36181 | A concurrent execution using shared resource with improper Synchronization vulnerability (\'Race Condition\') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific coordination of web requests. | LOW | Nov 4, 2021 |
| CVE-2020-29014 | A concurrent execution using shared resource with improper synchronization (\'race condition\') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands. | MEDIUM | Jul 10, 2021 |
| CVE-2023-23597 | A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the <code>file://</code> context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109. | -- | Jan 18, 2023 |
| CVE-2019-11741 | A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a user\'s Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process. This vulnerability affects Firefox < 69. | MEDIUM | Oct 2, 2019 |
| CVE-2021-26371 | A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. | -- | May 9, 2023 |
| CVE-2018-12365 | A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | MEDIUM | Oct 18, 2018 |
| CVE-2019-11765 | A compromised content process could send a message to the parent process that would cause the \'Click to Play\' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the \'Click to Play\' permission. This vulnerability affects Firefox < 70. | MEDIUM | Jan 13, 2020 |
| CVE-2024-0748 | A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122. | -- | Jan 23, 2024 |
| CVE-2023-5168 | A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | -- | Sep 29, 2023 |
| CVE-2023-5169 | A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | -- | Oct 5, 2023 |
| CVE-2021-24001 | A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88. | MEDIUM | Jun 24, 2021 |
| CVE-2019-25136 | A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70. | -- | Jun 20, 2023 |
| CVE-2021-22385 | A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution. | HIGH | Aug 10, 2021 |
| CVE-2021-22386 | A component of the Huawei smartphone has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevation of Privileges. | MEDIUM | Aug 10, 2021 |
| CVE-2021-22466 | A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause kernel crash. | LOW | Oct 28, 2021 |
| CVE-2021-22463 | A component of the HarmonyOS has a Use After Free vulnerability . Local attackers may exploit this vulnerability to cause Kernel Information disclosure. | LOW | Oct 28, 2021 |
| CVE-2021-22470 | A component of the HarmonyOS has a Privileges Controls vulnerability. Local attackers may exploit this vulnerability to expand the Recording Trusted Domain. | MEDIUM | Oct 28, 2021 |
| CVE-2021-22326 | A component of the HarmonyOS has a Privilege Dropping / Lowering Errors vulnerability. Local attackers may exploit this vulnerability to obtain Kernel space read/write capability. | MEDIUM | Jun 30, 2021 |
| CVE-2021-22295 | A component of the HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this vulnerability to cause the device to hang due to the page error OsVmPageFaultHandler. | LOW | Aug 6, 2021 |
| CVE-2021-22423 | A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. Local attackers may exploit this vulnerability to cause integer overflow. | HIGH | Aug 3, 2021 |
| CVE-2021-22464 | A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause system Soft Restart. | MEDIUM | Oct 28, 2021 |
| CVE-2021-22469 | A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause kernel out-of-bounds read. | LOW | Oct 28, 2021 |
| CVE-2021-22459 | A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause System functions which are unavailable. | LOW | Oct 28, 2021 |
| CVE-2021-22471 | A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. | LOW | Oct 28, 2021 |
| CVE-2021-22462 | A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause kernel crash. | LOW | Oct 28, 2021 |
| CVE-2021-22424 | A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service. | MEDIUM | Aug 3, 2021 |
| CVE-2021-22455 | A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause the memory which is not released. | LOW | Oct 28, 2021 |
| CVE-2021-22451 | A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. | MEDIUM | Oct 28, 2021 |
| CVE-2021-22422 | A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. | HIGH | Aug 3, 2021 |
| CVE-2021-22418 | A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. | HIGH | Aug 3, 2021 |
| CVE-2021-22419 | A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to cause persistent dos. | MEDIUM | Aug 3, 2021 |
| CVE-2021-22460 | A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism. | LOW | Oct 28, 2021 |
| CVE-2021-22450 | A component of the HarmonyOS has a Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion. | MEDIUM | Oct 28, 2021 |
| CVE-2021-22458 | A component of the HarmonyOS has a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Local attackers may exploit this vulnerability to cause arbitrary code execution. | MEDIUM | Oct 28, 2021 |
| CVE-2021-22421 | A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to cause further Elevation of Privileges. | HIGH | Aug 3, 2021 |
| CVE-2021-22376 | A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to bypass user restrictions. | HIGH | Jun 30, 2021 |
| CVE-2021-22467 | A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address. | LOW | Oct 28, 2021 |
| CVE-2021-22452 | A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address. | LOW | Oct 29, 2021 |
| CVE-2021-22457 | A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause out-of-bounds write. | LOW | Oct 28, 2021 |
| CVE-2021-22453 | A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. | LOW | Oct 29, 2021 |
| CVE-2021-22465 | A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable. | LOW | Oct 28, 2021 |
| CVE-2021-22420 | A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist mechanism is missing.. | HIGH | Aug 3, 2021 |
| CVE-2021-22454 | A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump. | LOW | Oct 28, 2021 |
| CVE-2021-22468 | A component of the HarmonyOS has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Local attackers may exploit this vulnerability to cause kernel address leakage. | LOW | Oct 28, 2021 |
| CVE-2021-22425 | A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges. | HIGH | Aug 3, 2021 |
| CVE-2021-22456 | A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable. | LOW | Oct 28, 2021 |
| CVE-2021-22417 | A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Memory Leakage. | MEDIUM | Aug 3, 2021 |
