‼ CVE-2022-21667 ‼
via "National Vulnerability Database".
soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. In the event that a POST request is sent to any endpoint of the server with an empty body, even unauthenticated with the Pusher Protocol, it will crash the server. All users that run the server are affected by this vulnerability and it's highly recommended to upgrade to the latest patch. There are no workarounds for this issue.
‼ CVE-2021-40029 ‼
via "National Vulnerability Database".
There is a buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.
‼ CVE-2021-46050 ‼
via "National Vulnerability Database".
A stack overflow vulnerability exists in Binaryen 103 via the printf_common function.
‼ CVE-2021-40000 ‼
via "National Vulnerability Database".
The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end.
‼ CVE-2021-40021 ‼
via "National Vulnerability Database".
The eID module has an out-of-bounds memory write vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
‼ CVE-2021-40014 ‼
via "National Vulnerability Database".
The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
‼ CVE-2021-46147 ‼
via "National Vulnerability Database".
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF.
‼ CVE-2022-22824 ‼
via "National Vulnerability Database".
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
‼ CVE-2021-38921 ‼
via "National Vulnerability Database".
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067.
‼ CVE-2020-9057 ‼
via "National Vulnerability Database".
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.
‼ CVE-2021-34086 ‼
via "National Vulnerability Database".
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests.
‼ CVE-2022-22846 ‼
via "National Vulnerability Database".
The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query.
‼ CVE-2021-40037 ‼
via "National Vulnerability Database".
There is a vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.
‼ CVE-2022-22263 ‼
via "National Vulnerability Database".
Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity.
‼ CVE-2021-40039 ‼
via "National Vulnerability Database".
There is a null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
‼ CVE-2021-40035 ‼
via "National Vulnerability Database".
There is a buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.
‼ CVE-2022-22844 ‼
via "National Vulnerability Database".
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.
‼ CVE-2020-9060 ‼
via "National Vulnerability Database".
Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.
‼ CVE-2021-46053 ‼
via "National Vulnerability Database".
A denial of service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL.
‼ CVE-2021-46165 ‼
via "National Vulnerability Database".
Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined.
‼ CVE-2022-22265 ‼
via "National Vulnerability Database".
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.