One
Source repositories
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8851 | Med | 0.38 | 5.9 | 0.00 | May 11, 2017 | An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same 'ro.build.product' system property, attackers… | ||
| CVE-2026-6839 | Med | 0.36 | 6.6 | 0.00 | Apr 22, 2026 | Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0. | ||
| CVE-2026-41667 | Med | 0.36 | 6.6 | 0.00 | Apr 22, 2026 | Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is prior to commit 1.30.0. | ||
| CVE-2026-41666 | Med | 0.36 | 6.6 | 0.00 | Apr 22, 2026 | Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation. Affected version is prior to commit 1.30.0. | ||
| CVE-2026-41664 | Med | 0.36 | 6.6 | 0.00 | Apr 22, 2026 | Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large tensor shapes. Affected version is prior to commit 1.30.0. | ||
| CVE-2026-40450 | Med | 0.36 | 6.6 | 0.00 | Apr 22, 2026 | Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors. Affected version is prior to commit 1.30.0. | ||
| CVE-2026-40449 | Med | 0.36 | 6.6 | 0.00 | Apr 22, 2026 | Integer overflow in buffer size calculation could result in out of bounds memory access when handling large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0. | ||
| CVE-2026-41665 | Med | 0.33 | 6.1 | 0.00 | Apr 22, 2026 | Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors. Affected version is prior to commit 1.30.0. | ||
| CVE-2025-69893 | Med | 0.30 | 4.6 | 0.00 | Apr 14, 2026 | A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which… | ||
| CVE-2026-6840 | Med | 0.29 | 5.5 | 0.00 | Apr 22, 2026 | Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0. | ||
| CVE-2026-40448 | Med | 0.27 | 5.3 | 0.00 | Apr 22, 2026 | Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0. | ||
| CVE-2020-15419 | 0.02 | — | 0.64 | Jul 28, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Reporter_ImportLicense class. Due to the… | |||
| CVE-2024-39771 | 0.00 | — | 0.00 | Aug 28, 2024 | QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack. | |||
| CVE-2020-9285 | 0.00 | — | 0.00 | Oct 20, 2022 | Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts the WiFi card on the device. |
- risk 0.38cvss 5.9epss 0.00
An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same 'ro.build.product' system property, attackers…
- risk 0.36cvss 6.6epss 0.00
Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0.
- risk 0.36cvss 6.6epss 0.00
Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is prior to commit 1.30.0.
- risk 0.36cvss 6.6epss 0.00
Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation. Affected version is prior to commit 1.30.0.
- risk 0.36cvss 6.6epss 0.00
Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large tensor shapes. Affected version is prior to commit 1.30.0.
- risk 0.36cvss 6.6epss 0.00
Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors. Affected version is prior to commit 1.30.0.
- risk 0.36cvss 6.6epss 0.00
Integer overflow in buffer size calculation could result in out of bounds memory access when handling large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0.
- risk 0.33cvss 6.1epss 0.00
Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors. Affected version is prior to commit 1.30.0.
- risk 0.30cvss 4.6epss 0.00
A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which…
- risk 0.29cvss 5.5epss 0.00
Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0.
- risk 0.27cvss 5.3epss 0.00
Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0.
- CVE-2020-15419Jul 28, 2020risk 0.02cvss —epss 0.64
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Reporter_ImportLicense class. Due to the…
- CVE-2024-39771Aug 28, 2024risk 0.00cvss —epss 0.00
QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack.
- CVE-2020-9285Oct 20, 2022risk 0.00cvss —epss 0.00
Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts the WiFi card on the device.