Design/Logic Flaw

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL...

Memory corruption

Memory corruption when malformed message payload is received from firmware...

Memory corruption

Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE...

Memory corruption

Memory corruption in Audio while processing the calibration data returned from ACDB loader...

Code injection

Transient DOS in Multi-Mode Call Processor while processing UE policy container...

Information disclosure

Information disclosure in Audio while accessing AVCS services from ADSP payload...

Memory corruption

Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation...

Information disclosure

Information disclosure in Modem while processing SIB5...

Design/Logic Flaw

Transient DOS in Audio when invoking callback function of ASM driver...

Design/Logic Flaw

Transient DOS in Core when DDR memory check is called while DDR is not initialized...

Heap overflow

Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage...

Design/Logic Flaw

Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service DoS condition by performing certain operations...

Open redirect

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the getredirecturl function when redirecting users at login. This vulnerability h...

Information disclosure

Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent...

Information disclosure

Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent...

Input validation

Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer...

Design/Logic Flaw

Out-of-bounds Write in padmdvldhtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code...

Cross site scripting

Out-of-bounds Write in padmdvldqtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code...

Information disclosure

Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows attackers to get sensitive information...

Authentication flaw

Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness...

Cross site scripting

Out-of-bounds Read in padmdvldacprogrefine of libpadm.so prior to SMR Feb-2024 Release 1 allows attacker access unauthorized information...

Authentication flaw

Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness...

Design/Logic Flaw

Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent...

Buffer overflow

Out-of-bounds Write vulnerabilities in svc1tdvldelh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow...

Buffer overflow

Out-of-bounds Write vulnerabilities in svc1tdvldplhap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow...

Authorization

Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication...

Improper access control

Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen...

Information disclosure

Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent...

Information disclosure

Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent...

Input validation

Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows attacker to cause an Out-Of-Bounds read...

Buffer overflow

Out-of-bounds Write vulnerabilities in svc1tdvldslh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow...

Hardcoded credentials

D-LINK Go-RT-AC750 GORTAC750A1FWv101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session...

Stack overflow

D-Link Go-RT-AC750 GORTAC750A1FWv101b03 contains a stack-based buffer overflow via the function genacgimain. This vulnerability allows attackers to enable telnet service via a specially crafted payload...

Buffer overflow

Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and...

Buffer overflow

Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware...

Input validation

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection...

Sql injection

xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter...

Buffer overflow

Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.:Satera MF750C Series firmware v03.07 and earlier sold in Japan. Colo...

Design/Logic Flaw

Intelbras Roteador ACtion RF 1200 1.2.2 esposes the Password in Cookie resulting in Login Bypass...

Command injection

An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature...

Design/Logic Flaw

Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges...

Denial of service

An issue in the com.oneed.dvr.service.DownloadFirmwareService component of IMOU GO v1.0.11 allows attackers to force the download of arbitrary files...

Code injection

The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly...

Buffer overflow

Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C...

Buffer overflow

Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and...

Buffer overflow

Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07...

Buffer overflow

Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C...

Directory traversal

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...

Information disclosure

An issue in the PowerOffWidgetReceiver function of Super Reboot Root Recovery v1.0.3 allows attackers to arbitrarily reset or power off the device via a crafted intent...

Cross site request forgery (csrf)

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...