Search Results (335431 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-0689 2026-03-02 N/A
In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns the underlying credential values in the HTTP response, enabling an authorized administrator to recover stored secrets that may exceed their intended access. We would like to thank the Lockheed Martin Red Team for responsibly reporting this issue and working with us through coordinated disclosure.
CVE-2025-70252 2026-03-02 N/A
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions for the sprintf call are met, they are spliced into tmp. Notably, there is no size check, which leads to a stack overflow vulnerability.
CVE-2025-64427 2026-03-02 7.1 High
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses (e.g., 127.0.0.1, localhost, or private network ranges). This allows the attacker to interact with internal HTTP/HTTPS services that are not intended to be exposed externally or to local users. No known patch is publicly available.
CVE-2025-59603 2026-03-02 7.8 High
Memory Corruption when processing invalid user address with nonstandard buffer address.
CVE-2025-59600 2026-03-02 7.8 High
Memory Corruption when adding user-supplied data without checking available buffer space.
CVE-2025-47386 2026-03-02 7.8 High
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.
CVE-2025-47385 2026-03-02 7.8 High
Memory Corruption when accessing trusted execution environment without proper privilege check.
CVE-2025-47384 2026-03-02 6.5 Medium
Transient DOS when MAC configures config id greater than supported maximum value.
CVE-2025-47383 2026-03-02 7.2 High
Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
CVE-2025-47381 2026-03-02 7.8 High
Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.
CVE-2025-47379 2026-03-02 7.8 High
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.
CVE-2025-47378 2026-03-02 7.1 High
Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.
CVE-2025-47377 2026-03-02 7.8 High
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.
CVE-2025-47376 2026-03-02 7.8 High
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.
CVE-2025-47375 2026-03-02 7.8 High
Memory corruption while handling different IOCTL calls from the user-space simultaneously.
CVE-2025-47373 2026-03-02 7.8 High
Memory Corruption when accessing buffers with invalid length during TA invocation.
CVE-2025-47371 2026-03-02 6.5 Medium
Transient DOS when an LTE RLC packet with invalid TB is received by UE.
CVE-2025-14831 2 Red Hat, Redhat 4 Enterprise Linux, Enterprise Linux, Openshift and 1 more 2026-03-02 5.3 Medium
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
CVE-2026-2677 2 A3factura, Wolterskluwer 2 A3factura, A3factura 2026-03-02 6.1 Medium
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es/#/incomes/representatives-management' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser.
CVE-2026-2678 2 A3factura, Wolterskluwer 2 A3factura, A3factura 2026-03-02 6.1 Medium
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es/#/incomes/customers' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser.