| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SKP files. Crafted data in an SKP file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19084. |
| Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18491. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| Bagisto v1.5.1 is vulnerable for Cross site scripting(XSS) via png file upload vulnerability in product review option. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Issue of inconsistent read/write serialization in the ad module.
Impact: Successful exploitation of this vulnerability may affect the availability of the ad service. |
| Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Vulnerability of returning released pointers in the distributed notification service.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Vulnerability of improper processing of abnormal conditions in huge page separation.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Out-of-bounds read vulnerability in the register configuration of the DMA module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f` which has been included in release `2.25.8`. Users are advised to upgrade. Users unable to upgrade should disable wiki integration ( `$g_wiki_enable = OFF;`). |
| Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. |
| Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. |
| Memory Corruption in Data Modem while processing DMA buffer release event about CFR data. |
| Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request. |
| Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls. |
| Memory Corruption in WLAN HOST while parsing QMI response message from firmware. |