| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption while processing IOCTL handler in FastRPC. |
| Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point. |
| Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. |
| Memory corruption in MPP performance while accessing DSM watermark using external memory address. |
| Memory corruption in TZ Secure OS while loading an app ELF. |
| Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request. |
| Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager. |
| Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. |
| Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. |
| Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. |
| Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. |
| Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
| Memory corruption when the payload received from firmware is not as per the expected protocol size. |
| Memory corruption in Audio while running invalid audio recording from ADSP. |
| Memory corruption while loading an ELF segment in TEE Kernel. |
| Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25345. |
| A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhttpd. The manipulation of the argument remove_ext_proto/remove_ext_port leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter via crafted HTTP headers. |
| Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible
for a specially crafted request to bypass some rewrite rules. If those
rewrite rules effectively enforced security constraints, those
constraints could be bypassed.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions
may also be affected.
Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue. |
