| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware. |
| Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon. |
| Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length. |
| Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero. |
| Transient DOS during music playback of ALAC content. |
| Information disclosure while handling beacon probe frame during scan entry generation in client side. |
| Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI. |
| FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the actual domain name length, could cause the parser to read beyond the DNS response buffer. This issue affects applications using DNS functionality of the FreeRTOS-Plus-TCP stack. Applications that do not use DNS functionality are not affected, even when the DNS functionality is enabled. This vulnerability has been patched in version 4.1.1. |
| eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access Control and fails to perform an authorization check which can lead to card duplication and other attacks. |
| An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. |
| Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h. |
| Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access |
| Memory corruption while processing key blob passed by the user. |
| Transient DOS while loading the TA ELF file. |
| Information disclosure while handling SA query action frame. |
| INformation disclosure while handling Multi-link IE in beacon frame. |
| Information Disclosure while parsing beacon frame in STA. |
| Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow.
A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software.
Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.
|
| Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV. |
| A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges
to disclose sensitive information.
|
