org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting

A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...

org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console

No description is available for this CVE...

org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console

No description is available for this CVE...

CVE-2025-27029

CVE-2025-27029 affects Qualcomm WLAN HAL (closed-source Qualcomm components). The issue is a transient Denial of Service caused by processing a tone measurement response buffer that is out of range. Metrics indicate network attack vector, low complexity, no privileges required, no user interactio...

CVE-2025-27029 Buffer Over-read in WLAN HAL

Transient DOS while processing the tone measurement response buffer when the response buffer is out of range...

OESA-2025-1573 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: add srng-lock for ath11khalsrng in monitor mode ath11khalsrng should be used with srng-lock to protect srng data. For ath11kdprxmondestprocess and...

CVE-2024-47293

Out-of-bounds write vulnerability in the HAL-WIFI module Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2024-32900

In lwisfencesignal of lwisdebug.c, there is a possible Use after Free due to improper locking. This could lead to local escalation of privilege from halcameradefault SELinux label with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-20863

Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code...

CVE-2023-33118

Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL...

CVE-2023-22674

Missing Authorization, Cross-Site Request Forgery CSRF vulnerability in Hal Gatewood Dashicons + Custom Post Types.This issue affects Dashicons + Custom Post Types: from n/a through 1.0.2...

CVE-2023-42558

Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution...

CVE-2023-30681

An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write...

CVE-2023-30651

Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code...

CVE-2023-30653

Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code...

CVE-2023-30650

Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code...

CVE-2023-28560

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload...

CVE-2023-28557

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload...

CVE-2023-28568

Information disclosure in WLAN HAL when reception status handler is called...

CVE-2023-21639

Memory corruption in Audio while processing svamodelserializer using memory size passed by HIDL client...