| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Secure Boot Security Feature Bypass Vulnerability |
| Secure Boot Security Feature Bypass Vulnerability |
| Secure Boot Security Feature Bypass Vulnerability |
| Secure Boot Security Feature Bypass Vulnerability |
| Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory. |
| Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory. |
| Out-of-bounds read for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Software side channel adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |
| No description is available for this CVE. |
| IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations. |
| HCL AION is susceptible to Missing Content-Security-Policy.
An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0. |
| Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet. |
| Qwik is a performance focused javascript framework. Prior to version 1.19.0, a prototype pollution vulnerability exists in the formToObj() function within @builder.io/qwik-city middleware. The function processes form field names with dot notation (e.g., user.name) to create nested objects, but fails to sanitize dangerous property names like __proto__, constructor, and prototype. This allows unauthenticated attackers to pollute Object.prototype by sending crafted HTTP POST requests, potentially leading to privilege escalation, authentication bypass, or denial of service. This issue has been patched in version 1.19.0. |
| Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (\t) followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server still processes the body as the original content type. This issue has been patched in version 5.7.2. |
| In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254) and further versions. |
| Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code execution. It was demonstrated that these restrictions could be bypassed. |
| Transient DOS may occur while processing malformed length field in SSID IEs. |
| Heap-based buffer overflow vulnerability in the image module.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Buffer overflow vulnerability in the HDC module.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Address read vulnerability in the HDC module.
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
| Out-of-bounds read issue in the media subsystem.
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
