‼ CVE-2021-27427 ‼
via "National Vulnerability Database".
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of the calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
‼ CVE-2022-20090 ‼
via "National Vulnerability Database".
In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209197; Issue ID: ALPS06209197.
‼ CVE-2022-20089 ‼
via "National Vulnerability Database".
In aee driver, there is a possible memory corruption due to active debug code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06240397; Issue ID: ALPS06240397.
‼ CVE-2021-27431 ‼
via "National Vulnerability Database".
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around in the osRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.
‼ CVE-2022-21743 ‼
via "National Vulnerability Database".
In ion, there is a possible use after free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06371108; Issue ID: ALPS06371108.
‼ CVE-2022-20093 ‼
via "National Vulnerability Database".
In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498868; Issue ID: ALPS06498868.
‼ CVE-2022-1548 ‼
via "National Vulnerability Database".
Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins.
‼ CVE-2021-27435 ‼
via "National Vulnerability Database".
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
‼ CVE-2022-20088 ‼
via "National Vulnerability Database".
In aee driver, there is a possible reference count mistake due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06209201.
‼ CVE-2021-27439 ‼
via "National Vulnerability Database".
TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc' due to incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
‼ CVE-2022-28788 ‼
via "National Vulnerability Database".
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
‼ CVE-2022-20111 ‼
via "National Vulnerability Database".
In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366069; Issue ID: ALPS06366069.
‼ CVE-2022-20104 ‼
via "National Vulnerability Database".
In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06284104.
‼ CVE-2022-20106 ‼
via "National Vulnerability Database".
In MM service, there is a possible out of bounds write due to a heap-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460.
‼ CVE-2022-20101 ‼
via "National Vulnerability Database".
In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06270870.
‼ CVE-2021-27421 ‼
via "National Vulnerability Database".
NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow access to memory locations outside the bounds of a specified array, leading to unexpected behavior such as a segmentation fault when assigning a particular block of memory from the heap via malloc.
‼ CVE-2022-20098 ‼
via "National Vulnerability Database".
In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06419017.
‼ CVE-2022-28789 ‼
via "National Vulnerability Database".
Unprotected activities in Voice Note prior to version 21.3.51.11 allow attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities.
‼ CVE-2022-28792 ‼
via "National Vulnerability Database".
DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows an attacker to execute arbitrary code. The patch adds proper absolute path to prevent DLL hijacking.
‼ CVE-2022-28782 ‼
via "National Vulnerability Database".
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows a physical attacker to install a package before completion of Setup wizard. The patch blocks entry point of the vulnerability.
‼ CVE-2022-28787 ‼
via "National Vulnerability Database".
Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.