Monthly
Information disclosure in Netatalk 3.0.0 through 4.4.2 stems from a dead bounds check (CWE-561) in the Spotlight RPC unmarshaller - code intended to enforce input boundaries is logically unreachable, leaving RPC input processing without effective size validation. Remote attackers who hold at least low-level credentials can submit crafted Spotlight RPC requests to extract limited confidential information from the service. No public exploit has been identified at time of analysis, and the CVSS 3.1 score correctly reflects the constrained real-world impact: high attack complexity, authentication required, and confidentiality-only impact with no integrity or availability consequence.
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contains dangerous PHP dead code present in. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2. Rated high severity (CVSS 7.0). No vendor patch available.
In huge memory get unmapped area check, code can never be reached because of a logical contradiction. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information disclosure in Netatalk 3.0.0 through 4.4.2 stems from a dead bounds check (CWE-561) in the Spotlight RPC unmarshaller - code intended to enforce input boundaries is logically unreachable, leaving RPC input processing without effective size validation. Remote attackers who hold at least low-level credentials can submit crafted Spotlight RPC requests to extract limited confidential information from the service. No public exploit has been identified at time of analysis, and the CVSS 3.1 score correctly reflects the constrained real-world impact: high attack complexity, authentication required, and confidentiality-only impact with no integrity or availability consequence.
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contains dangerous PHP dead code present in. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2. Rated high severity (CVSS 7.0). No vendor patch available.
In huge memory get unmapped area check, code can never be reached because of a logical contradiction. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.