Page 14 of 294 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664720; Issue ID: ALPS07664720. • https://corp.mediatek.com/product-security-bulletin/July-2023 • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664731; Issue ID: ALPS07664731. • https://corp.mediatek.com/product-security-bulletin/July-2023 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664735; Issue ID: ALPS07664735. • https://corp.mediatek.com/product-security-bulletin/July-2023 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664741; Issue ID: ALPS07664741. • https://corp.mediatek.com/product-security-bulletin/July-2023 • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been `vm2`, but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugin has switched to using a different sandbox library. A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template YAML definition itself and not by user input data. • https://github.com/backstage/backstage/commit/fb7375507d56faedcb7bb3665480070593c8949a https://github.com/backstage/backstage/releases/tag/v1.15.0 https://github.com/backstage/backstage/security/advisories/GHSA-wg6p-jmpc-xjmr • CWE-94: Improper Control of Generation of Code ('Code Injection') •