Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.

Memory corruption while processing multiple IOCTL command for escape operations.

Memory corruption while processing IOCTL calls for escape operations.

Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global con...

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.

Memory Corruption when processing fastboot commands to set display mode.

Memory corruption while processing fastboot commands with improperly formatted input.

Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow.

Memory corruption while processing fastboot commands with invalid input.

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.

Memory corruption while processing fastboot OEM commands.

Memory Corruption when processing display command line information due to improper initialization of a variable.

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.

Memory Corruption when processing device identifier strings that exceed the expected maximum length.

Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.

Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause the...

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information ...

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token. Affec...

In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.