| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Information disclosure in IOE Firmware while handling WMI command. |
| Information Disclosure in data Modem while parsing an FMTP line in an SDP message. |
| Memory Corruption in Core during syscall for Sectools Fuse comparison feature. |
| Transient DOS while decoding message of size that exceeds the available system memory. |
| Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. |
| Transient DOS while processing PDU Release command with a parameter PDU ID out of range. |
| Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. |
| Transient DOS in WLAN Firmware while parsing a BTM request. |
| Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16. |
| Information disclosure while deriving keys for a session for any Widevine use case. |
| Cryptographic issue in HLOS during key management. |
| Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. |
| Information disclosure in WLAN HAL while handling command through WMI interfaces. |
| Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. |
| Information disclosure in WLAN HAL while handling the WMI state info command. |
| The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.22.1 via a misconfigured capability check in the 'permissionsCheck' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including reports detailing donors and donation amounts. |
| The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 the 'register_user' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Edit Login | Registration Form widget, as long as that user opens the email notification for successful registration. |
| The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extract private post titles of downloads. The impact here is minimal. |
| An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response. |
| An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. |
