‼ CVE-2021-35100 ‼
📖 Read
via "National Vulnerability Database".
Possible buffer over read due to improper calculation of string length while parsing Id3 tag in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32259 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32261 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35085 ‼
📖 Read
via "National Vulnerability Database".
Possible buffer overflow due to lack of buffer length check during management frame Rx handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30341 ‼
📖 Read
via "National Vulnerability Database".
Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32260 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30346 ‼
📖 Read
via "National Vulnerability Database".
RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32285 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). The affected module is vulnerable to XML External Entity (XXE) attacks due to insufficient input sanitation. This may allow an attacker to disclose confidential data under certain circumstances.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32286 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations SAML module is vulnerable to Cross Site Scripting (XSS) attacks due to insufficient error message sanitation. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32262 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35130 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption in graphics support layer due to use after free condition in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22103 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption in multimedia driver due to double free while processing data from user in Snapdragon Auto📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32256 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32145 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious code by tricking users into accessing a malicious link.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30937 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22082 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22087 ‼
📖 Read
via "National Vulnerability Database".
memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35120 ‼
📖 Read
via "National Vulnerability Database".
Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35129 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35121 ‼
📖 Read
via "National Vulnerability Database".
An array index is improperly used to lock and unlock a mutex which can lead to a Use After Free condition In the Synx driver in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27221 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack.📖 Read
via "National Vulnerability Database".