| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption while parsing clock configuration data for a specific hardware type. |
| Memory corruption while performing sensor register read operations. |
| Memory corruption while deinitializing a HDCP session. |
| Memory corruption while handling sensor utility operations. |
| Cryptographic issue may occur while encrypting license data. |
| Memory corruption while processing a secure logging command in the trusted application. |
| Memory corruption while processing identity credential operations in the trusted application. |
| Memory Corruption when multiple threads concurrently access and modify shared resources. |
| Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID. |
| Memory corruption while preprocessing IOCTLs in sensors. |
| Memory corruption while passing pages to DSP with an unaligned starting address. |
| Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37. |
| Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server Side Request Forgery.This issue affects External Media: from n/a through 1.0.36. |
| Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this vulnerability is limited. However, an attacker should be able to leverage this vulnerability to scan the internal network. This issue has been patched in version 8.1.37. |
| A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input. |
| A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string. |
| Kieback&Peter Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02 |
| In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries. |
| MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal. |
| OpenAirInterface CN5G AMF<=v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious code by accessing port N1 and sending an imsi string longer than 1000 to AMF. |
