| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
|
The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation
operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the
targeted device
|
|
The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow.
This could potentially lead to a Remote Code execution on the targeted device.
|
|
By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent
denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields – wpView plugin <= 1.3.0 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.0.6 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nuajik plugin <= 0.1.0 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gsmith Cookie Monster plugin <= 1.51 versions. |
| Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. This issue has been addressed in version 4.2.1-rc4. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. In affected versions are affected by a Server-Side Request Forgery (SSRF) vulnerability. In an `insertDocument` API request the user is able to supply a URL from which the presentation should be downloaded. This URL was being used without having been successfully validated first. An update to the `followRedirect` method in the `PresentationUrlDownloadService` has been made to validate all URLs to be used for presentation download. Two new properties `presentationDownloadSupportedProtocols` and `presentationDownloadBlockedHosts` have also been added to `bigbluebutton.properties` to allow administrators to define what protocols a URL must use and to explicitly define hosts that a presentation cannot be downloaded from. All URLs passed to `insertDocument` must conform to the requirements of the two previously mentioned properties. Additionally, these URLs must resolve to valid addresses, and these addresses must not be local or loopback addresses. There are no workarounds. Users are advised to upgrade to a patched version of BigBlueButton. |
| Transient DOS in WLAN Firmware while processing a FTMR frame. |
| Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast. |
| Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame. |
| Transient DOS in Core when DDR memory check is called while DDR is not initialized. |
| Information disclosure in Modem while processing SIB5. |
| Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE. |
| Transient DOS in WLAN Firmware while parsing t2lm buffers. |
| Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. |
| Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids. |
| Memory corruption while receiving a message in Bus Socket Transport Server. |
| Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call. |