| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843. |
| In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431920; Issue ID: MSV-5835. |
| In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431955; Issue ID: MSV-5826. |
| Memory corruption while handling different IOCTL calls from the user-space simultaneously. |
| Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain. |
| Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE. |
| Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. |
| Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls. |
| Memory Corruption when processing invalid user address with nonstandard buffer address. |
| Memory Corruption when adding user-supplied data without checking available buffer space. |
| Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources. |
| Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs. |
| Memory Corruption when accessing trusted execution environment without proper privilege check. |
| Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs. |
| A remote authentication bypass vulnerability
exists in HPE AutoPass License Server (APLS). |
| In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00467553; Issue ID: MSV-5151. |
| In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY00782946; Issue ID: MSV-4135. |
| A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. |
| A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret. |
| An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service. |
