INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In TrustZone a cryptographic issue can potentially occur in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In TrustZone an out-of-range pointer offset vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In TrustZone an untrusted pointer dereference vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.
In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.