| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| Memory corruption may occur due top improper access control in HAB process. |
| Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. |
| Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session. |
| Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code. |
| Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. |
| SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives. |
| Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads. |
| A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid read-only credentials with CLI access on the affected system.
This vulnerability is due to improper access controls on files that are on the local file system. An attacker could exploit this vulnerability by running a series of crafted commands on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device and gain privileges of the root user. To exploit this vulnerability, an attacker would need to have CLI access as a low-privilege user. |
| A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. |
| Memory corruption while processing memory map or unmap IOCTL operations simultaneously. |
| A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the root user on the underlying operating system.
This vulnerability is due to insufficient input validation. An authenticated attacker with read-only privileges on the SD-WAN Manager system could exploit this vulnerability by sending a crafted request to the CLI of the SD-WAN Manager. A successful exploit could allow the attacker to gain root privileges on the underlying operating system. |
| Memory corruption while IOCTL call is invoked from user-space to read board data. |
| A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance. |
| Memory corruption may occur while reading board data via IOCTL call when the WLAN driver copies the content to the provided output buffer. |
| A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges.
This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15.
To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5. |
| Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. |
| A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system.
This vulnerability is due to insufficient input validation of the bootstrap file that is read by the system software when a device is first deployed in SD-WAN mode or when an administrator configures SD-Routing on the device. An attacker could exploit this vulnerability by modifying a bootstrap file generated by Cisco Catalyst SD-WAN Manager, loading it into the device flash, and then either reloading the device in a green field deployment in SD-WAN mode or configuring the device with SD-Routing. A successful exploit could allow the attacker to perform arbitrary file writes to the underlying operating system. |
| Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. |
| A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account to perform a command injection attack against an affected device.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with privilege level 15.
Note: This vulnerability is exploitable only if the attacker obtains the credentials for a lobby ambassador account. This account is not configured by default. |
