| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. |
| Information disclosure while deriving keys for a session for any Widevine use case. |
| Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. |
| Information disclosure in WLAN HAL while handling command through WMI interfaces. |
| Information disclosure in IOE Firmware while handling WMI command. |
| Memory Corruption in Core during syscall for Sectools Fuse comparison feature. |
| Cryptographic issue in HLOS during key management. |
| Information disclosure in WLAN HAL while handling the WMI state info command. |
| Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. |
| Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16. |
| Transient DOS in WLAN Firmware while parsing a BTM request. |
| Transient DOS while processing PDU Release command with a parameter PDU ID out of range. |
| Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. |
| Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. |
| Information Disclosure in data Modem while parsing an FMTP line in an SDP message. |
| An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response. |
| An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. |
| An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. |
| The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function, which is reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient. |