
3385 matches found

CVE
added 2024/11/19 7:10 p.m. | 60 views

CVE-2018-9364

CVE-2018-9364 corresponds to an Elevation of Privilege in the LG LGLAF bootloader component. The connected sources indicate the issue involves a special command that permitted modification of certain partitions, enabling bypass of secure boot. The Red Hat and Android bulletin entries corroborate ...

CVSS 7.5 | AI score 6.6 | EPSS 0.00206
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/11/19 7:1 p.m. | 53 views

CVE-2018-9345

CVE-2018-9345 affects Android’s BnAudioPolicyService (AudioPolicyService.cpp). The issue is information disclosure due to uninitialized data, enabling local information disclosure with no extra privileges and no user interaction required. Multiple connected sources confirm the same description. P...

CVSS 5.5 | AI score 5.9 | EPSS 0.00084
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/11/19 6:59 p.m. | 51 views

CVE-2018-9344

The CVE-2018-9344 entry describes a use-after-free in DescramblerImpl.cpp caused by improper locking, enabling local privilege escalation with no extra privileges and no user interaction. Connected sources associate this issue with Android’s Media framework and list affected context in the Androi...

CVSS 7.8 | AI score 6.9 | EPSS 0.00074
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/11/19 6:45 p.m. | 67 views

CVE-2018-9339

CVE-2018-9339 affects Android’s framework Parcel.java, specifically in the methods writeTypedArrayList/readTypedArrayList, with a root cause of type confusion that enables local privilege escalation. The vulnerability can be exploited with no user interaction and requires local access. Public doc...

CVSS 7.8 | AI score 6.9 | EPSS 0.0009
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/11/19 5:19 p.m. | 17 views

CVE-2024-53054

...

Exploits: 0

CVE
added 2024/11/18 4:23 p.m. | 60 views

CVE-2020-26066

Cisco SD-WAN vManage Software Web UI contains an XML External Entity (XXE) processing vulnerability in certain XML files parsed by the application. An authenticated remote attacker could exploit this flaw to gain read and write access to information stored on the system. Affected component is the...

CVSS 6.5 | AI score 6.5 | EPSS 0.00586
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/11/18 4:10 p.m. | 55 views

CVE-2020-26067

CVE-2020-26067 concerns Cisco Webex Teams web interface. Affected component: web-based interface; issue arises from improper validation of usernames. An authenticated, remote attacker can create an account containing malicious HTML/script and join a space with that name, enabling cross-site scrip...

CVSS 5.4 | AI score 5.4 | EPSS 0.00771
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/11/18 4:5 p.m. | 94 views

CVE-2020-26063

CVE-2020-26063: Cisco Integrated Management Controller (IMC) API endpoints have improper authorization checks, enabling an authenticated remote attacker to bypass authorization and execute actions on the vulnerable system. Exploitation involves sending crafted API requests that could download files or m...

CVSS 5.4 | AI score 5.4 | EPSS 0.00606
Exploits: 0 | References: 4

CVE
added 2024/11/18 4:3 p.m. | 69 views

CVE-2020-27124

Cisco ASA SSL/TLS DoS (CVE-2020-27124): Vulnerability in the SSL/TLS handler due to improper error handling on established SSL/TLS connections can cause an unauthenticated remote attacker to reload the device, leading to DoS. Affected products: Cisco ASA Software. Impact: device reload and servic...

CVSS 8.6 | AI score 8.5 | EPSS 0.00883
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2024/11/18 4:2 p.m. | 66 views

CVE-2020-3420

CVE-2020-3420 affects Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). The issue is a cross-site scripting (XSS) vulnerability caused by insufficient validation of user-supplied input in the web-based management interface. An authentica...

CVSS 5.4 | AI score 5.3 | EPSS 0.00405
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/11/18 3:53 p.m. | 94 views

CVE-2020-3538

Cisco DCNM (Data Center Network Manager) contains a path traversal vulnerability in a REST API endpoint that allows an authenticated, remote attacker to overwrite or list arbitrary files on affected devices. The issue stems from insufficient path restrictions, exploitable by sending crafted HTTP ...

CVSS 8.1 | AI score 5.1 | EPSS 0.00502
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2024/11/18 3:45 p.m. | 92 views

CVE-2021-1234

Affected product/edition: Cisco SD-WAN vManage Software (cluster mode)
Vulnerability summary: In the cluster management interface, there is an absence of authentication for sensitive information, allowing an unauthenticated, remote attacker to view sensitive data by sending a crafted request.
R...

CVSS 5.3 | AI score 5.2 | EPSS 0.00765
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2024/11/18 3:42 p.m. | 97 views

CVE-2021-1379

CVE-2021-1379 affects Cisco IP Phone Series 68xx/78xx/88xx via Cisco Discovery Protocol and LLDP processing. Root cause: missing checks when handling Cisco Discovery Protocol or LLDP packets, allowing an unauthenticated, adjacent attacker (Layer 2) to execute code remotely or cause a reload, resu...

CVSS 6.5 | AI score 6.9 | EPSS 0.00315
Exploits: 0 | References: 2 | Affected Software: 2

CVE
added 2024/11/18 3:35 p.m. | 57 views

CVE-2021-1424

CVE-2021-1424 concerns Cisco ASR 5000 Series Software (StarOS) where the ipsecmgr process is vulnerable to unauthenticated, remote DoS via specially malformed IKEv2 packets. The issue stems from insufficient validation of incoming IKEv2 traffic, and exploitation can cause the ipsecmgr process to ...

CVSS 5.3 | AI score 5.4 | EPSS 0.00778
Exploits: 0 | References: 5

CVE
added 2024/11/18 3:34 p.m. | 60 views

CVE-2021-1440

Cisco IOS XR Software contains a DoS vulnerability in the RPKI feature due to incorrect handling of RTR header packets. An unauthenticated attacker can trigger BGP process crashes by sending specially crafted RTR packets (or via MITM impersonation of the RPKI validator) over RTR TCP, causing the ...

CVSS 6.8 | AI score 6.6 | EPSS 0.00772
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2024/11/18 3:31 p.m. | 59 views

CVE-2021-1444

CVE-2021-1444 affects Cisco ASA and Cisco FTD/FMC web services interface. The issue arises from insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to lure a user into clicking a crafted link and trigger cross-site scripting (XSS) in the interface context....

CVSS 6.1 | AI score 6 | EPSS 0.00419
Exploits: 0 | References: 1

CVE
added 2024/11/18 3:30 p.m. | 54 views

CVE-2021-1462

CVE-2021-1462 affects Cisco SD-WAN vManage Software CLI. The issue arises from an incorrect privilege assignment that lets an authenticated local attacker with a valid Administrator account create a malicious file that the system later parses, potentially granting the attacker root privileges on ...

CVSS 6.7 | AI score 4.6 | EPSS 0.00164
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/11/17 12:25 p.m. | 86 views

CVE-2023-43091

GNOME Maps is affected by CVE-2023-43091 due to a code injection flaw in its service.json configuration file. A malicious configuration can cause arbitrary code execution, as documented across multiple sources in the connected data. The issue is confirmed by CVE descriptions and rela...

CVSS 9.8 | AI score 9.7 | EPSS 0.00844
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2024/11/17 10:45 a.m. | 327 views

CVE-2024-0793

CVE-2024-0793: Kubernetes kube-controller-manager DoS (KCM pods churn). Affects kube-controller-manager where applying an HPA YAML without a .spec.behavior.scaleUp block can cause denial of service via KCM pods restarting (restart churn). The issue is documented in multiple sources, with IBM X-Fo...

CVSS 7.7 | AI score 7.2 | EPSS 0.00593
Exploits: 0 | References: 5

CVE
added 2024/11/17 10:22 a.m. | 83 views

CVE-2023-6110

OpenStack CVE-2023-6110 describes a flaw where deleting a non-existent access rule within a scope can cause other existing access rules (not linked to any application credentials) to be deleted. The vulnerability is linked to the OpenStack component handling access rule deletion. The documented i...

CVSS 5.5 | AI score 5.3 | EPSS 0.00493
Exploits: 0 | References: 6