In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanDataPathIndicationResponseToLegacy of hidl_struct_util.cpp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In onReadBuffer() of StreamingSource.cpp, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In the netlink driver, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In getProcessPss of ActivityManagerService.java, there is a possible side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In btm_process_inq_results of btm_inq.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In onTransact of IAudioFlinger.cpp, there is a possible stack information leak due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Pixel Recorder, there is a possible permissions bypass allowing arbitrary apps to record audio. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In query of TelephonyProvider.java, there is a possible access to SIM card info due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811, is vulnerable to client-side angularjs template injection, a variant of Cross-Site-Scripting (XSS) that exploits the templating. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.
In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
SAP Cloud Platform Integration for Data Services, version 1.0, allows user inputs to be reflected as error or warning massages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In smsSelected of AnswerFragment.java, there is a way to send an SMS from the lock screen due to a permissions bypass. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.