In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
In multiple locations of DreamManagerService.java, there is a missing permission check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4).
Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability classified as problematic has been found in SemanticDrilldown Extension. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A vulnerability was found in Joget up to 7.0.31. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
A vulnerability was found in INEX IPX-Manager up to 6.2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A vulnerability was found in Alinto SOGo up to 5.7.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow a root privileged attacker to install unsigned packages. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
BigBlueButton is an open source web conferencing system. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In Pixel cellular firmware, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.