| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption while prociesing command buffer buffer in OPE module. |
| Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information. |
| Memory corruption while acquire and update IOCTLs during IFE output resource ID validation. |
| Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement check. |
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges. |
| Memory corruption while reading secure file. |
| Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. |
| Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. |
| Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. |
| Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. |
| Memory corruption while triggering commands in the PlayReady Trusted application. |
| In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution. |
| Memory corruption during the FRS UDS generation process. |
| Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. |
| Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously. |
| Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit. |
| Memory corruption while reading the FW response from the shared queue. |
| Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer. |
| Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow Common SQL Provider.
When using the partition clause in SQLTableCheckOperator as parameter (which was a recommended pattern), Authenticated UI User could inject arbitrary SQL command when triggering DAG exposing partition_clause to the user.
This allowed the DAG Triggering user to escalate privileges to execute those arbitrary commands which they normally would not have.
This issue affects Apache Airflow Common SQL Provider: before 1.24.1.
Users are recommended to upgrade to version 1.24.1, which fixes the issue. |
