170 matches found
CVE-2018-11271
Improper authentication can happen on Remote command handling due to inappropriate handling of events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607,...
CVE-2019-15877
In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to trigger updates to the device's non-volatile memory...
CVE-2019-15714
cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations...
kernel: scsi: ufs: core: Fix handling of lrbp->cmd
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix handling of lrbp-cmd ufshcdqueuecommand may be called two times in a row for a SCSI command before it is completed. Hence make the following changes: - In the functions that submit a command, do not check the...
CVE-2024-45568
Memory corruption due to improper bounds check while command handling in camera-kernel driver...
CVE-2024-45568
Memory corruption due to improper bounds check while command handling in camera-kernel driver...
CVE-2024-45568
Memory corruption due to improper bounds check while command handling in camera-kernel driver...
CVE-2024-45568 Buffer Over-read in Camera Driver
Memory corruption due to improper bounds check while command handling in camera-kernel driver...
CVE-2024-45568
CVE-2024-45568 affects Qualcomm camera-kernel drivers. Root cause: improper bounds checking during command handling leading to memory corruption. Documented impact includes high confidentiality, integrity, and availability risks; local attack vector with low complexity (Privileges: LOW) and no us...
Mydata Ticket Sales Automation SQL注入漏洞
Mydata Ticket Sales Automation is a ticket sales automation system from Mydata. A SQL injection vulnerability exists in Mydata Ticket Sales Automation versions prior to 03.04.2025, which stems from improperly neutralized SQL commands and could lead to blind SQL injection...
CVE-2025-3723
A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. This issue affects some unknown processing of the component MDTM Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may b...
CVE-2025-21969
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2capsendcmd After the hci sync command releases l2capconn, the hci receive data work queue references the released l2capconn when sending to the upper layer. Add hci dev lock to...
CVE-2025-22367
The CVE-2025-22367 affects Mennekes Smart/Premium Chargingpoints firmware. The issue arises from theAuthenticated time setting capability, where OS commands are not properly neutralized when certain fields reach the underlying OS, enabling potential command execution. Documented in Multiple sourc...
CVE-2024-58055 usb: gadget: f_tcm: Don't free command immediately
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Don't free command immediately Don't prematurely free the command. Wait for the status completion of the sense status. It can be freed then. Otherwise we will double-free the command...
CVE-2024-58055
Mode C: The connected Astra Linux bulletin corroborates the CVE-2024-58055 issue in the Linux kernel USB gadget f_tcm: the bug is a double-free caused by freeing the command before the sense/status completion. The fix is a kernel patch that prevents premature command free; the advisory notes the ...
Arbitrary IRC Command Execution
matrix-appservice-irc is vulnerable to arbitrary IRC command execution. The vulnerability is due to improper command handling, which allows an attacker to inject and execute arbitrary IRC commands as their own puppeted user...
Qualcomm Chipsets 输入验证错误漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. An input validation error vulnerability exists in Qualcomm Chipsets that stems from a transient denial of service when processing UCI commands...
CVE-2024-57992
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: unregister wiphy only if it has been registered There is a specific error path in probe functions in wilc drivers both sdio and spi which can lead to kernel panic, as this one for example when using SPI: Unable to...
CVE-2022-49335
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. Submitting a cs with 0 chunks, causes an oops later, found trying to execute the wrong userspace driver. MESALOADERDRIVEROVERRIDE=v3d glxinfo 172536.665184 BUG: kernel...
CVE-2022-33276
Memory corruption due to buffer copy without checking size of input in modem while receiving WMIREQUESTSTATSCMDID command...