CVE Catalog

A vulnerability exists in various chipsets used in Qualcomm products, allowing memory corruption by accessing shared buffers without proper validation of concurrent user-mode input changes. This issue arises from a time-of-check time-of-use (TOCTOU) race condition, where the timing of input modification and buffer access can be manipulated, leading to memory corruption.

A memory corruption vulnerability has been identified in various chipsets of Qualcomm products, including mobile platforms and certain wireless communication chipsets. This vulnerability arises from an out-of-bounds write issue while processing multiple IOCTL commands for escape operations, which could potentially be exploited to cause memory corruption.

A memory corruption vulnerability has been identified in Qualcomm DSP Service while processing IOCTL calls for escape operations. This issue involves an out-of-bounds read, which can lead to memory corruption.

Prior to version 9.3.0, Kiteworks Secure Data Forms contains multiple SQL injection vulnerabilities. These vulnerabilities could be exploited by an authenticated attacker with the FormBuilder role to access or modify other users' form definitions and certain global configuration parameters.

A vulnerability allowing Insecure Direct Object Reference (IDOR) has been identified in Kiteworks Secure Data Forms versions prior to 9.3.0. This vulnerability allows an authenticated user to access the metadata of resources belonging to other users, due to inadequate authorization checks on resource ownership.

A vulnerability allowing Insecure Direct Object Reference (IDOR) has been identified in Kiteworks Secure Data Forms versions prior to 9.3.0. This vulnerability allows authenticated users to modify resources belonging to other users, as the application fails to properly enforce authorization checks on resource ownership. Exploitation of this issue enables users to add arbitrary submissions to forms owned by others.

A vulnerability allowing Insecure Direct Object Reference (IDOR) has been identified in Kiteworks Secure Data Forms versions prior to 9.3.0. This vulnerability allows an authenticated user to improperly modify permissions on resources belonging to other users, due to inadequate authorization checks on resource ownership.

A stored cross-site scripting vulnerability has been identified in Kiteworks Secure Data Forms versions prior to 9.3.0. This vulnerability allows an authenticated attacker to execute arbitrary JavaScript in the sessions of other users, specifically within the Thank You Page configuration.

A vulnerability allowing Insecure Direct Object Reference (IDOR) has been identified in Kiteworks Secure Data Forms versions prior to 9.3.0. This vulnerability allows an authenticated user to modify resources belonging to other users, due to inadequate authorization checks on resource ownership.

A reflected cross-site scripting vulnerability has been identified in Kiteworks Secure Data Forms versions prior to 9.3.0. This vulnerability allows external attackers to deceive users into executing arbitrary JavaScript code. The issue resides in the logging module, which has since been removed.

An assertion failure vulnerability has been identified in SGLang version 0.5.10.post1, specifically within the Inference HTTP Endpoint component. The issue arises in the 'lora_manager.py' file, where the 'lora_path' argument can be manipulated, leading to a reachable assertion. This vulnerability allows for a denial-of-service condition, as the server becomes unresponsive after the assertion failure. The vulnerability can be exploited remotely, but requires a complex attack strategy.

A vulnerability allowing Insecure Direct Object Reference (IDOR) has been identified in the Online Hospital Management System version 1.0. The issue arises in the file viewdoctortimings.php, where the delid parameter is processed without proper ownership verification. This flaw enables low-privileged users to delete doctor timing records belonging to other doctors. The deletion is executed without session validation, potentially allowing unauthenticated users to perform the action remotely.

A null pointer dereference vulnerability has been identified in ggml-org Whisper.cpp versions prior to 1.8.2. The issue arises in the function whisper_model_load within ggml/src/ggml.c, where the loader fails to validate model parameters before use. This flaw allows a crafted model file to cause an unconditional process abort, creating a potential denial-of-service scenario. The vulnerability requires local exploitation, and a proof-of-concept exploit has been made public.

A SQL injection vulnerability exists in the itsourcecode Fees Management System version 1.0, specifically within the manage_course.php file. The issue arises from improper validation of the 'id' parameter, allowing remote attackers to inject malicious SQL queries. Exploitation of this vulnerability could lead to unauthorized database access, data manipulation, and potential leakage of sensitive information.

A SQL injection vulnerability exists in the Itsoucecode Fees Management System version 1.0, specifically within the '/ajax.php' file. This vulnerability allows attackers to inject malicious SQL queries through the 'username' parameter, after logging in with valid credentials. The application does not properly sanitize or validate this input before incorporating it into SQL queries, enabling unauthorized manipulation of the database. Exploitation of this vulnerability could lead to unauthorized database access, data leakage, data tampering, and service interruptions.

A denial-of-service vulnerability has been identified in SourceCodester Customer Review App version 1.0. The issue arises in the file review_app.py, specifically within the functions add_review, save_review, and get_all_reviews. The vulnerability is caused by improper input validation, allowing a local attacker to manipulate the name and comment fields. This exploitation can lead to excessive disk space usage or corruption of the reviews data, causing the application to lag, freeze, or silently lose all review information without any user notification.

A vulnerability exists in various chipsets of Qualcomm products, allowing memory corruption by sending random number generator commands with an inadequate output buffer size. This out-of-bounds write can lead to memory corruption, potentially allowing for arbitrary code execution or causing a denial-of-service condition.

A stack-based buffer overflow vulnerability has been identified in the Windows Compute technology area of Qualcomm chipsets. This vulnerability arises from a memory corruption issue when the output buffer size is smaller than the input buffer size during data copying operations. The flaw allows for improper handling of data, potentially leading to memory corruption.

A memory corruption vulnerability has been identified in Qualcomm Windows drivers. This issue arises when the drivers receive incorrect trusted application requests, leading to a stack-based buffer overflow. The vulnerability is present in several chipsets, including those used in Snapdragon mobile platforms and various Qualcomm connectivity solutions.

A vulnerability in Qualcomm's core services has been identified, allowing for memory corruption through an out-of-bounds write. This issue arises from a lack of proper input validation in the diagnostic services.

A memory corruption vulnerability has been identified in Qualcomm's HLOS (High-Level Operating System) component. This issue arises from an out-of-bounds write when processing device identifier strings that exceed the expected maximum length. The vulnerability affects several chipsets, including those used in various Snapdragon mobile platforms and other Qualcomm technologies.

A vulnerability in Qualcomm's Powerline Communication Firmware allows unauthorized access to device configuration information. This issue arises when a device is reset to factory default settings via the powerline interface, leading to unintentional exposure of sensitive information.

A privilege escalation vulnerability has been identified in the Dräger Infinity Explorer C700. This vulnerability allows attackers to exit kiosk mode and access the underlying operating system by interacting with a specific dialog. Exploiting this kiosk escape could enable unauthorized control over the operating system, potentially leading to the device displaying incorrect information or no information at all from the connected Delta Family patient monitor.

An SQL injection vulnerability has been identified in Pixa Bank version 2.0. This vulnerability allows unauthenticated attackers to inject SQL code into the 'rib' parameter, enabling them to extract sensitive user data such as names, email addresses, and phone numbers from the database. The exploitation occurs by sending POST requests with UNION-based SQL payloads to the 'agence-ajax.php' endpoint.

A vulnerability exists in Cloud Foundry UAA versions 76.12.0 through 78.12.0, where EC (Elliptic Curve) private keys are unintentionally exposed through the public /token_keys endpoint. This endpoint, intended for providing public key material for JWT token verification, incorrectly reveals private key components for EC keys. The issue affects deployments using EC keys for JWT token signing, while RSA key configurations remain unaffected.

An authentication bypass vulnerability has been identified in the cf-auth-proxy component of Cloud Foundry. This vulnerability affects all installations and allows an unauthenticated remote attacker to read logs and metrics from every application and platform component. The issue arises from the ability to create a JSON Web Token (JWT) that the cf-auth-proxy accepts as a valid 'logs.admin' token.

A vulnerability has been identified in the AppOpsService component of Android, where multiple functions may lack proper permission checks. This permissions bypass could lead to unauthorized local information disclosure, without requiring additional execution privileges or user interaction for exploitation. The issue affects several different versions and ranges of Android.

A logic error in the Android Framework's CallIntentProcessor component could enable unauthorized emergency calls. This vulnerability affects Android versions 14, 15, and 16, and requires no special privileges or user interaction to exploit.

A vulnerability allowing local elevation of privilege has been identified in multiple functions within the Android Framework and System components. This issue arises from an incorrect bounds check, leading to a potential desynchronization in persistence. Exploitation of this vulnerability does not require any additional execution privileges or user interaction.

A denial-of-service vulnerability has been identified in the DevicePolicyManagerService.java of Android. This issue arises from multiple functions that allow improper input validation, leading to a potential desynchronization from persistence. The vulnerability can be exploited locally, without the need for additional execution privileges or user interaction.

A tapjacking vulnerability has been identified in the WindowManagerService component of Android. This issue allows for an overlay attack, where an attacker can manipulate the user interface to intercept user interactions. Exploitation of this vulnerability could lead to unauthorized elevation of privileges, with no additional execution rights required. Notably, user interaction is not necessary for this exploitation to occur.

A vulnerability in PackageKit versions through 1.3.5 allows unprivileged users to probe the existence of any file on the system. This issue arises in the API component, specifically within the g_file_test function of src/pk-transaction.c. The vulnerability is exploited by manipulating the frontend-socket argument, leading to improper authorization. The issue can be executed remotely.

A stack-based buffer overflow vulnerability has been identified in the UTT HiPER 1200GW router, affecting firmware versions up to 2.5.3-170306. The vulnerability arises in the 'strcpy' function within the '/goform/formFireWall' endpoint, where user-controlled data is copied to a fixed memory location without proper length validation. This flaw allows for remote exploitation, potentially leading to a denial-of-service condition.

A stack-based buffer overflow vulnerability has been identified in the UTT HiPER 1200GW router, affecting firmware versions through 2.5.3-170306. The vulnerability arises in the strcpy function within the file /goform/formTaskEdit, where improper boundary checks allow for buffer overflow attacks. This issue can be exploited remotely, potentially leading to denial-of-service conditions.

A denial-of-service vulnerability has been identified in Enderfga Claw-Orchestrator versions through 3.7.0. The issue arises in the Session Grep Endpoint, specifically within the validateRegex function in src/embedded-server.ts. The vulnerability allows for inefficient regular expression processing, where maliciously crafted patterns can cause catastrophic backtracking. This behavior blocks the Node.js event loop, leading to a complete server hang and unresponsiveness for all users. The vulnerability can be exploited remotely by sending a request to the /session/grep endpoint with a harmful regex pattern.

A critical SQL injection vulnerability has been identified in the Hotel and Tourism Reservation System version 1.0. The issue arises in the 'tour' GET parameter of the 'tour.php' file, where user input is directly interpolated into SQL queries without any sanitization or validation. This vulnerability allows unauthenticated remote attackers to manipulate SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability was confirmed by using sqlmap to extract the entire database.

A heap buffer overflow vulnerability has been identified in the Android Framework component, specifically in the Load of LoadedArsc.cpp file. This vulnerability allows for a possible out-of-bounds write, leading to a local elevation of privilege. Exploitation of this vulnerability does not require any additional execution privileges or user interaction.

A logic error in the Host Emulation Manager component allows for the potential launching of an activity from the background. This vulnerability could lead to local privilege escalation without requiring additional execution privileges. Exploitation of this issue does require user interaction.

A vulnerability in the Android framework and system components allows for local elevation of privilege. This issue arises from a confused deputy problem, where activity start restrictions can be bypassed. Exploitation of this vulnerability does not require any additional execution privileges or user interaction.

A logic error in the Android Framework and System components allows for a potential bypass of user interaction when pairing a Bluetooth Low Energy (LE) device. This vulnerability could lead to remote (proximal/adjacent) escalation of privilege, with no additional execution privileges required. Exploitation does not involve user interaction.

A vulnerability allowing local elevation of privilege has been identified in the Android Framework and System components. This issue arises from misleading or insufficient user interface elements in the ForgetDeviceDialogFragment, which could trick users into forgetting a device. Exploitation of this vulnerability does not require any additional execution privileges or user interaction. Devices running Android 16 or 16 QPR2 are affected.

A vulnerability has been identified in the Bluetooth component of Android that allows for controlled heap corruption within a privileged process. This issue arises from an integer overflow, which could be exploited to escalate privileges locally, without requiring any additional execution rights or user interaction.

A vulnerability has been identified in the KeyChainActivity.java file, specifically in the getApplicationLabel function. This issue arises from the potential to mislead users into granting access to certificates, creating a risk of local privilege escalation. Notably, this vulnerability does not require any additional execution privileges and can be exploited without user interaction.

A vulnerability allowing local elevation of privilege has been identified in multiple components of the Android operating system, specifically within the Framework and System areas. This issue arises from possible misleading user interface elements due to obfuscation, which could be exploited to gain elevated privileges without requiring additional execution rights or user interaction. The vulnerability affects several different versions and ranges of Android.

A vulnerability allowing local elevation of privilege has been identified in the launcher process of Android devices. This issue arises from an over-privileged shell user, which could be exploited to execute code in the launcher process. The vulnerability affects multiple Android versions and does not require any additional execution privileges or user interaction for exploitation.

A vulnerability in the PackageInstallerService component of Android allows for the installation of unverified applications. This issue arises from a missing permission check in several functions of PackageInstallerService.java. Exploiting this vulnerability could lead to local elevation of privilege, with no additional execution privileges required. User interaction is not necessary for exploitation.

A vulnerability has been identified in the Android Framework and System components, specifically within the CertInstaller.java file. This issue arises in the 'getCallingAppLabel' function, where a sensitive security dialogue can be obscured due to unclear or inadequate user interface cues. As a result, this vulnerability could allow for local elevation of privilege, with no additional execution rights required. Exploitation of this vulnerability does not necessitate user interaction.

A logic error has been identified in the Domain Verification Service component of Android, specifically within the approvalLevelForDomainInternal function. This vulnerability creates a potential for hijacking arbitrary app links, leading to unauthorized escalation of privileges. Notably, exploitation of this issue does not require any additional execution privileges or user interaction.

A vulnerability allowing local elevation of privilege has been identified in the Android Framework and System components, specifically in versions of Android 16-qpr2. The issue arises from a missing null check in the 'DisableSupervisionActivity.kt' file, which creates a potential for unauthorized deletion of supervision data. Exploitation of this vulnerability does not require any additional execution privileges or user interaction.

A denial-of-service vulnerability has been identified in the Android Framework and System components. The issue arises from improper input validation in the DataRowHandler class, specifically in the applySimpleFieldMaxSize method. This flaw allows the insertion of excessively large contact names, leading to a local denial-of-service condition. The vulnerability does not require any additional execution privileges and can be exploited without user interaction.