| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-26681 | Hig | 0.47 | 7.2 | 0.02 | Feb 23, 2021 | A remote authenticated command Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass CLI could allow remote authenticated users to run arbitrary commands on the underlying… | ||
| CVE-2021-22651 | Hig | 0.51 | 7.8 | 0.03 | Feb 23, 2021 | When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files,… | ||
| CVE-2021-20198 | Hig | 0.53 | 8.1 | 0.02 | Feb 23, 2021 | A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker… | ||
| CVE-2021-20230 | Hig | 0.42 | 7.5 | 0.01 | Feb 23, 2021 | A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the… | ||
| CVE-2021-20226 | Hig | 0.51 | 7.8 | 0.00 | Feb 23, 2021 | A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the… | ||
| CVE-2020-25161 | Hig | 0.57 | 8.8 | 0.02 | Feb 23, 2021 | The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. | ||
| CVE-2020-16243 | Hig | 0.52 | 7.8 | 0.12 | Feb 23, 2021 | Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application. | ||
| CVE-2021-25630 | Hig | 0.51 | 7.8 | 0.00 | Feb 23, 2021 | "loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of… | ||
| CVE-2020-7847 | Hig | 0.48 | 7.4 | 0.01 | Feb 23, 2021 | The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36. | ||
| CVE-2021-3252 | Hig | 0.49 | 7.5 | 0.03 | Feb 23, 2021 | KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an… | ||
| CVE-2020-28429 | — | Hig | 0.53 | 7.3 | 0.63 | Feb 23, 2021 | All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){}) | |
| CVE-2020-14359 | Hig | 0.48 | 7.3 | 0.01 | Feb 23, 2021 | A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a… | ||
| CVE-2021-22649 | Hig | 0.51 | 7.8 | 0.02 | Feb 23, 2021 | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an… | ||
| CVE-2021-22647 | Hig | 0.51 | 7.8 | 0.02 | Feb 23, 2021 | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may… | ||
| CVE-2021-22645 | Hig | 0.51 | 7.8 | 0.02 | Feb 23, 2021 | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be… | ||
| CVE-2021-22643 | Hig | 0.51 | 7.8 | 0.02 | Feb 23, 2021 | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an… | ||
| CVE-2020-29075 | Hig | 0.47 | 7.1 | 0.08 | Feb 23, 2021 | Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF… | ||
| CVE-2020-25690 | Hig | 0.57 | 8.8 | 0.01 | Feb 23, 2021 | An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code.… | ||
| CVE-2021-21157 | Hig | 0.58 | 8.8 | 0.09 | Feb 22, 2021 | Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2021-21156 | Hig | 0.57 | 8.8 | 0.03 | Feb 22, 2021 | Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. | ||
| CVE-2021-21153 | Hig | 0.57 | 8.8 | 0.01 | Feb 22, 2021 | Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | ||
| CVE-2021-21152 | Hig | 0.57 | 8.8 | 0.01 | Feb 22, 2021 | Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2021-21149 | Hig | 0.57 | 8.8 | 0.01 | Feb 22, 2021 | Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | ||
| CVE-2021-26725 | Hig | 0.47 | 7.2 | 0.01 | Feb 22, 2021 | Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC… | ||
| CVE-2021-26724 | Hig | 0.47 | 7.2 | 0.03 | Feb 22, 2021 | OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior… | ||
| CVE-2021-26068 | Hig | 0.57 | 8.8 | 0.03 | Feb 22, 2021 | An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability. | ||
| CVE-2020-24175 | — | Hig | 0.51 | 7.8 | 0.02 | Feb 22, 2021 | Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling. | |
| CVE-2020-11297 | Hig | 0.49 | 7.5 | 0.01 | Feb 22, 2021 | Denial of service in WLAN module due to improper check of subtypes in logic where excessive frames are dropped in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,… | ||
| CVE-2020-11296 | Hig | 0.49 | 7.5 | 0.01 | Feb 22, 2021 | Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon… | ||
| CVE-2020-11287 | Hig | 0.49 | 7.5 | 0.01 | Feb 22, 2021 | Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,… | ||
| CVE-2020-11282 | Hig | 0.51 | 7.8 | 0.00 | Feb 22, 2021 | Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPU to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,… | ||
| CVE-2020-11281 | Hig | 0.49 | 7.5 | 0.01 | Feb 22, 2021 | Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,… | ||
| CVE-2020-11280 | Hig | 0.49 | 7.5 | 0.01 | Feb 22, 2021 | Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon… | ||
| CVE-2020-11278 | Hig | 0.49 | 7.5 | 0.01 | Feb 22, 2021 | Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon… | ||
| CVE-2020-11277 | Hig | 0.48 | 7.4 | 0.00 | Feb 22, 2021 | Possible race condition during async fastrpc session after sending RPC message due to the fastrpc ctx gets free during async session in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile | ||
| CVE-2020-11271 | Hig | 0.51 | 7.8 | 0.00 | Feb 22, 2021 | Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon… | ||
| CVE-2020-11270 | Hig | 0.49 | 7.5 | 0.01 | Feb 22, 2021 | Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,… | ||
| CVE-2020-11269 | Hig | 0.57 | 8.8 | 0.00 | Feb 22, 2021 | Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,… | ||
| CVE-2020-11253 | Hig | 0.51 | 7.8 | 0.00 | Feb 22, 2021 | Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | ||
| CVE-2020-11223 | Hig | 0.51 | 7.8 | 0.00 | Feb 22, 2021 | Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | ||
| CVE-2020-11204 | Hig | 0.51 | 7.8 | 0.00 | Feb 22, 2021 | Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon… | ||
| CVE-2020-11203 | Hig | 0.46 | 7.1 | 0.00 | Feb 22, 2021 | Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variable length array in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | ||
| CVE-2020-11195 | Hig | 0.51 | 7.8 | 0.00 | Feb 22, 2021 | Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon… | ||
| CVE-2020-11194 | Hig | 0.51 | 7.8 | 0.00 | Feb 22, 2021 | Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired… | ||
| CVE-2020-11187 | Hig | 0.51 | 7.8 | 0.00 | Feb 22, 2021 | Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile | ||
| CVE-2020-11177 | Hig | 0.57 | 8.8 | 0.00 | Feb 22, 2021 | User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon… | ||
| CVE-2020-35681 | — | Hig | 0.41 | 7.4 | 0.03 | Feb 22, 2021 | Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate… | |
| CVE-2020-35556 | Hig | 0.49 | 7.5 | 0.01 | Feb 22, 2021 | An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur. | ||
| CVE-2021-3149 | Hig | 0.47 | 7.2 | 0.04 | Feb 22, 2021 | On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely. | ||
| CVE-2021-26119 | — | Hig | 0.50 | 7.5 | 0.09 | Feb 22, 2021 | Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. |
- risk 0.47cvss 7.2epss 0.02
A remote authenticated command Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass CLI could allow remote authenticated users to run arbitrary commands on the underlying…
- risk 0.51cvss 7.8epss 0.03
When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files,…
- risk 0.53cvss 8.1epss 0.02
A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker…
- risk 0.42cvss 7.5epss 0.01
A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the…
- risk 0.51cvss 7.8epss 0.00
A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the…
- risk 0.57cvss 8.8epss 0.02
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.
- risk 0.52cvss 7.8epss 0.12
Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.
- risk 0.51cvss 7.8epss 0.00
"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of…
- risk 0.48cvss 7.4epss 0.01
The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.
- risk 0.49cvss 7.5epss 0.03
KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an…
- risk 0.53cvss 7.3epss 0.63
All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){})
- risk 0.48cvss 7.3epss 0.01
A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a…
- risk 0.51cvss 7.8epss 0.02
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an…
- risk 0.51cvss 7.8epss 0.02
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may…
- risk 0.51cvss 7.8epss 0.02
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be…
- risk 0.51cvss 7.8epss 0.02
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an…
- risk 0.47cvss 7.1epss 0.08
Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF…
- risk 0.57cvss 8.8epss 0.01
An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code.…
- risk 0.58cvss 8.8epss 0.09
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.03
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.
- risk 0.57cvss 8.8epss 0.01
Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
- risk 0.47cvss 7.2epss 0.01
Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC…
- risk 0.47cvss 7.2epss 0.03
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior…
- risk 0.57cvss 8.8epss 0.03
An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability.
- risk 0.51cvss 7.8epss 0.02
Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling.
- risk 0.49cvss 7.5epss 0.01
Denial of service in WLAN module due to improper check of subtypes in logic where excessive frames are dropped in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…
- risk 0.49cvss 7.5epss 0.01
Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon…
- risk 0.49cvss 7.5epss 0.01
Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,…
- risk 0.51cvss 7.8epss 0.00
Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPU to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…
- risk 0.49cvss 7.5epss 0.01
Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,…
- risk 0.49cvss 7.5epss 0.01
Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon…
- risk 0.49cvss 7.5epss 0.01
Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon…
- risk 0.48cvss 7.4epss 0.00
Possible race condition during async fastrpc session after sending RPC message due to the fastrpc ctx gets free during async session in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
- risk 0.51cvss 7.8epss 0.00
Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon…
- risk 0.49cvss 7.5epss 0.01
Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,…
- risk 0.57cvss 8.8epss 0.00
Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…
- risk 0.51cvss 7.8epss 0.00
Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
- risk 0.51cvss 7.8epss 0.00
Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
- risk 0.51cvss 7.8epss 0.00
Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon…
- risk 0.46cvss 7.1epss 0.00
Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variable length array in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
- risk 0.51cvss 7.8epss 0.00
Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon…
- risk 0.51cvss 7.8epss 0.00
Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired…
- risk 0.51cvss 7.8epss 0.00
Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile
- risk 0.57cvss 8.8epss 0.00
User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon…
- risk 0.41cvss 7.4epss 0.03
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur.
- risk 0.47cvss 7.2epss 0.04
On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely.
- risk 0.50cvss 7.5epss 0.09
Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.