Weekly Vulnerabilities Reports > September 14 to 20, 2020

An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4.

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s `os` package in the web application process in versions < 0.37.1.

A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.

An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3.

Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as.

A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.

Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller

Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query.

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.

SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed.

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.

Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11.

A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.

A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container.

A flaw was found in the Linux kernel before 5.9-rc4.

A flaw was found in X.Org Server before xorg-x11-server 1.20.9.

A flaw was found in X.Org Server before xorg-x11-server 1.20.9.

A flaw was found in xorg-x11-server before 1.20.9.

A flaw was found in X.Org Server before xorg-x11-server 1.20.9.

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust.

Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.

A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.

Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.

In Bluetooth, there is a possible out of bounds write due to a missing bounds check.

An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4.

An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2.

An issue was discovered in DotPlant2 before 2020-09-14.

webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.

In UrlQuerySanitizer, there is a possible improper input validation.

A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption.

A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder.

Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine.

Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.

Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields.

xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact.

The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.

com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.

A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3.

Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request.

A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters.

Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input.

It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.

An issue was discovered in the rand_core crate before 0.4.2 for Rust.

An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust.

ThinkAdmin v6 is affected by a directory traversal vulnerability.

An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used.

Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users.

Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive.

In Telephony, there is a possible permission bypass due to a missing permission check.

In NFC, there is a possible permission bypass due to an unsafe PendingIntent.

In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass.

In factory reset protection, there is a possible FRP bypass due to a missing permission check.

In Pixel's use of the Catpipe library, there is possible memory corruption due to a use after free.

In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature.

In setInstallerPackageName of PackageManagerService.java, there is a missing permission check.

In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value.

In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free.

In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast.

In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent.

In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains.

A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager.

In libstagefright, there is possible CPU exhaustion due to improper input validation.

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs.

A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16.

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE).

In NFC, there is a possible out of bounds write due to a missing bounds check.

An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4.

In libmpeg2dec, there is a possible out of bounds write due to a missing bounds check.

In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability.

In Notification Access Confirmation, there is a possible permissions bypass due to uninformed consent.

In the mp3 extractor, there is a possible out of bounds write due to uninitialized data.

In the Media extractor, there is a possible use after free due to improper locking.

In libstagefright, there is a possible out of bounds write due to an integer overflow.

The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE).

An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242.

An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242.

An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table.

An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples.

A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3.

An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300.

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer.

A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user.

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer.

gnuplot 5.5 is affected by double free when executing print_set_output.

An issue was discovered in BlackCat CMS before 1.4.

Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.

A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur.

Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.

SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload.

The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.

In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used.

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.

An issue was discovered in Titan SpamTitan 7.07.

An issue was discovered in Titan SpamTitan 7.07.

Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.

A specific router allows changing the Wi-Fi password remotely.

A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders.

Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content.

Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller.

Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller.

Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.

The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution.

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection.

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.

AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component.

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header.

webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.

In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.

Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter.

Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS).

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware.

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior.

Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations.

Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations.

Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations.

Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack.

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack.

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface.

An issue was discovered in Gradle Enterprise 2018.5.

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free.

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause.

Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.

libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution.

Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

An untrusted pointer dereference flaw was found in Perl-DBI < 1.643.

A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory.

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled.

A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier).

A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD.

A flaw was found in the Linux kernel before 5.9-rc4.

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata.

Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views.

Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step.

Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step.

Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.

Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts.

Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit.

Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php.

Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field.

A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final.

webTareas through 2.1 allows files/Default/ Directory Listing.

A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature.

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust.

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust.

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust.

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust.

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust.

Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.

Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.

Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.

An issue was discovered in MISP before 2.4.132.

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6.

In NFC, there is a possible out of bounds read due to uninitialized data.

In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data.

NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component transmits sensitive information insecurely, which may lead to information disclosure.

NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure.

An issue was discovered in 1CRM System through 8.6.7.

An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1.

The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field.

In Parse_wave of eas_mdls.c, there is a possible out of bounds write due to an integer overflow.

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint.

An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.

This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled.

CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor.

CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.

A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL).

IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some information due to using a wildcard in the Access-Control-Allow-Origin header.

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization.

A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.

The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access.

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections.

A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

An issue was discovered in the http crate before 0.1.20 for Rust.

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.

In the System UI, there is a possible system crash due to an uncaught exception.

An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4.

In showLimitedSimFunctionWarningNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent.

In getNotificationBuilder of CarrierServiceStateTracker.java, there is a possible permission bypass due to an unsafe PendingIntent.

In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent.

In showNotification of EmergencyCallbackModeService.java, there is a possible permission bypass due to an unsafe PendingIntent.

In decrypt and decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4.

Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server.

Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.

An issue was discovered in the DBI module before 1.643 for Perl.

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability.

A flaw was found in the Linux kernel in versions before 5.9-rc6.

In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent.

In NFC, there is a possible out of bounds write due to a missing bounds check.

In iptables, there is a possible out of bounds write due to an incorrect bounds check.

In NFC, there is a possible out of bounds write due to a missing bounds check.

In NFC, there is a possible out of bounds write due to a missing bounds check.

In NFC, there is a possible out of bounds write due to uninitialized data.

In the Bluetooth server, there is a possible out of bounds write due to an integer overflow.

In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check.

In Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check.

In hwservicemanager, there is a possible out of bounds write due to freeing a wild pointer.

In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent.

In the audio server, there is a missing permission check.

In libavb, there is a possible out of bounds write due to an integer overflow.

In SurfaceFlinger, there is a possible use-after-free due to improper locking.

In the Audio HAL, there is a possible out of bounds write due to an incorrect bounds check.

In DisplayManager, there is a possible permission bypass due to a missing permission check.

In SurfaceFlinger, there is possible memory corruption due to type confusion.

In iorap, there is a possible memory corruption due to a use after free.

In LLVM, there is a possible ineffective stack cookie placement due to stack frame double reservation.

In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check.

In screencap, there is a possible command injection due to improper input validation.

In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking.

In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow.

In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check.

In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption.

In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free.

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface.

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface.

The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting.

Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

A timing side channel was discovered in AT91bootstrap before 3.9.2.

InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users.

In the Settings app, there is an insecure default value.

In NFC, there is a possible use-after-free due to a race condition.

In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine.

In SurfaceFlinger, there is a possible use after free due to a race condition.

In Mediaserver, there is a possible out of bounds write due to an integer overflow.

In DocumentsUI, there is a possible permission bypass due to a confused deputy.

In CamX code, there is a possible use after free due to a race condition.

The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths.

A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device.

Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16.

Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior.

An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4.

UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party.

UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App.

Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.

In libAACdec, there is a possible out of bounds read due to missing bounds check.

In libDRCdec, there is a possible out of bounds read due to a missing bounds check.

In libmedia, there is a possible resource exhaustion due to improper input validation.

In libstagefright, there is a possible resource exhaustion due to improper input validation.

In libDRCdec, there is a possible information disclosure due to uninitialized data.

In libFraunhoferAAC, there is a possible out of bounds read due to a missing bounds check.

In libmp4extractor, there is a possible resource exhaustion due to a missing bounds check.

In libcodec2_soft_mp3dec, there is a possible information disclosure due to uninitialized data.

In libstagefright, there is a possible dead loop due to an uncaught exception.

In libsonivox, there is a possible out of bounds read due to a missing bounds check.

In libstagefright, there is a possible resource exhaustion due to improper input validation.

In libstagefright, there is a possible resource exhaustion due to improper input validation.

In libmkvextractor, there is a possible resource exhaustion due to a missing bounds check.

In the AAC parser, there is a possible out of bounds read due to a missing bounds check.

In tremolo, there is a possible out of bounds read due to a missing bounds check.

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys.

ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.

In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value.

In Parse_insh of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check.

In Parse_art of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check.

In Parse_ins of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check.

Apache Atlas before 2.1.0 contain a XSS vulnerability.

A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances.

A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x.

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file.

A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.

A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.

A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.

Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint.

A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory.

In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form.

A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review.

A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N].

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email.

Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.'

MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS.

The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.

Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.

Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp.

Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update.

Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6.

In NFC, there is a possible out of bounds read due to a missing bounds check.

An issue was discovered in Gradle Enterprise before 2020.2.4.

Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.

In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly.

In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used.

In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized.

An issue was discovered in Titan SpamTitan 7.07.

A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience.

It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers.

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system.

In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path.

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior.

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser).

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser).

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser).

An issue was discovered in the DBI module through 1.643 for Perl.

In NFC, there is a possible out of bounds read due to a missing bounds check.

In NFC, there is a possible out of bounds read due to a missing bounds check.

SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting (XSS) which leads to Remote Code Execution (RCE) from a known vulnerability.

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages.

A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions.

IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting.

In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect.

A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3.

A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v1.3.3, where an attacker can steal the user session cookie using this vulnerability present on Policies >> action >> Name Parameter

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior.

A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework.

In the Bluetooth service, there is a possible spoofing attack due to a logic error.

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior.

An issue was discovered in Gradle Enterprise before 2020.2.5.

All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources.

Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them.

In netd, there is a possible out of bounds read due to a missing bounds check.

In NFC, there is a possible out of bounds read due to a missing bounds check.

In Settings, there is a possible permissions bypass.

In core networking, there is a missing permission check.

In NFC, there is a missing bounds check.

In Telephony, there is a missing permission check.

In Zen Mode, there is a possible permission bypass due to an unsafe PendingIntent.

In NotificationManagerService, there is a possible permission bypass due to an unsafe PendingIntent.

In InputManagerService, there is a possible permission bypass due to an unsafe PendingIntent.

In Settings, there is a possible permission bypass due to an unsafe PendingIntent.

In Settings, there is a possible permission bypass due to an unsafe PendingIntent.

In Settings, there is a possible permission bypass due to an unsafe PendingIntent.

In Settings, there is a possible permission bypass due to an unsafe PendingIntent.

In Telecom, there is a possible permission bypass due to an unsafe PendingIntent.

In bindWallpaperComponentLocked of WallpaperManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent.

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

In Telephony, there is a possible permission bypass due to a missing permission check.

In Telephony, there is a possible permission bypass due to a missing permission check.

In Telephony, there is a possible permission bypass due to a missing permission check.

In libhwbinder, there is a possible information disclosure due to uninitialized data.

In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent.

In Telephony, there are possible leaks of sensitive data due to missing permission checks.

In the Accessibility service, there is a possible permission bypass due to an unsafe PendingIntent.

In SyncManager, there is a possible permission bypass due to an unsafe PendingIntent.

There is a possible way to view notifications even when the "Lockdown" feature is on.

In ActivityManager, there is a possible access to protected data due to a missing permission check.

In GLESRenderEngine, there is a possible out of bounds read due to a buffer overflow.

In MediaProvider, there is a possible permissions bypass due to SQL injection.

In MediaProvider, there is a possible permissions bypass due to SQL injection.

In NetworkStatsService, there is a possible access to protected data due to a missing permission check.

In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy.

In the OMX encoder, there is a possible out of bounds read due to invalid input validation.

In the camera, there is a possible out of bounds read due to an integer overflow.

In libavb, there is a possible out of bounds read due to a missing bounds check.

In apexd, there is a possible out of bounds read due to a missing bounds check.

In UsageStatsManager, there is a possible access to protected data due to a missing permission check.

In AudioService, there are missing permission checks.

In Battery Saver, there is a possible permission bypass due to an unsafe PendingIntent.

In Window Manager, there is a possible permission bypass due to an unsafe PendingIntent.

In devicepolicy service, there is a possible permission bypass due to an unsafe PendingIntent.

In ADB server and USB server, there is a possible permission bypass due to an unsafe PendingIntent.

In Java network APIs, there is possible access to sensitive network state due to a missing permission check.

In PackageManager, there is a missing permission check.

In PackageManager, there is a missing permission check.

In PackageManager, there is a missing permission check.

In the OMX parser, there is a possible information disclosure due to a returned raw pointer.

In mediadrm, there is a possible out of bounds read due to a missing bounds check.

In various functions in fscrypt_ice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are used and later are truncated to 32 bits.

In the app zygote SE Policy, there is a possible permissions bypass.

In createSaveNotification of RecordingService.java, there is a possible permission bypass due to an unsafe PendingIntent.

In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception.

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component.

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component.

A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.

IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system.

On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers.

In SoundTriggerHwService, there is a possible out of bounds read due to a race condition.

In checkKeyIntent of AccountManagerService.java, there is a possible permission bypass.

An issue was discovered in KaiOS 2.5.

An issue was discovered in KaiOS 2.5.

An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1.

A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants.