Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.

Information disclosure while handling SA query action frame.

INformation disclosure while handling Multi-link IE in beacon frame.

Memory corruption while processing IOCTL handler in FastRPC.

Memory corruption when the bandpass filter order received from AHAL is not within the expected range.

Memory corruption while allocating memory for graphics.

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.

The Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms plugin for WordPress is vulnerable to SQL Injection via the ‘integration_id’ parameter in all versions up to, and including, 1.82.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries and subsequently inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Transient DOS while parse fils IE with length equal to 1.