18 matches found
CVE-2026-20409
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-03 00:09:58+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mdw33bddzb24... |
CVE-2026-20409
In imgsys, a potential out-of-bounds write due to a missing bounds check could enable local privilege escalation if an attacker already has System privileges. Exploitation does not require user interaction. Public references indicate a patch ID (ALPS10363246) and an Issue ID (MSV-5779) associated...
CVE-2022-20409
In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...
CVE-2018-20409
An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls...
Security Bulletin: IBM Security Verify Information Queue does not always enable HTTP Strict Transport Security when sending error responses (CVE-2021-20409)
Summary: The web server in IBM Security Verify Information Queue (ISIQ) does not add the HTTP Strict Transport Security header in its internally generated error responses. Consequently, a remote attacker could obtain sensitive information from an insecure HTTP connection. As of v10.0.0, ISIQ is...
CVE-2024-20409
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient...
CVE-2023-42102 Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability
Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit...
CVE-2023-42102 Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability
Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit...
CVE-2022-20409
| creationtimestamp | type | source |
|---|---|---|
| 2022-10-12 00:32:23+00:00 | seen | https://t.me/cibsecurity/51212 |
| 2023-08-07 01:53:06+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/8802 |
| 2023-08-07 05:30:26+00:00 | published-proof-of-concept | https://t.me/CNArsenal/821... |
CVE-2022-20409
In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...
CVE-2022-20409
In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...
CVE-2022-20409
CVE-2022-20409: The vulnerability exists in the Linux kernel’s io_uring.c, specifically in io_identity_cow, where a use-after-free can corrupt memory and enable local privilege escalation. The Android/Linux kernel context is affected (Android kernel and EulerOS advisories reference this CVE). Ex...
CVE-2021-20409
| creationtimestamp | type | source |
|---|---|---|
| 2021-02-12 20:43:51+00:00 | seen | https://t.me/cibsecurity/23554... |
CVE-2021-20409
IBM Security Verify Information Queue versions 1.0.6 and 1.0.7 are affected by CVE-2021-20409 due to failure to properly enable HTTP Strict Transport Security (HSTS) in internally generated error responses. This can allow a remote attacker to obtain sensitive information via man-in-the-middle tec...
CVE-2019-20409
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability...
CVE-2019-20409
CVE-2019-20409 affects Atlassian Jira Server and Data Center versions prior to 8.8.0. The issue arises from how Velocity templates are used, enabling remote attackers to trigger server-side template injection and achieve remote code execution. The confirmed fix is upgrade to Jira 8.8.0 or later. ...
Make use of Secure Introspector in Velocity Templates - CVE-2019-20409
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote...
CVE-2018-20409
CVE-2018-20409 affects Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4_AvccAtom::Create (Core/Ap4AvccAtom.cpp), demonstrated by mp42hls. The vulnerability is documented across multiple feeds (NVD/Red Hat/CNVD/OSV entries). No patch/version remediation details are provided in the s...