Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.

Memory corruption while station LL statistic handling.

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.

Memory corruption while handling IOCTL calls in JPEG Encoder driver.

Transient DOS while processing the CU information from RNR IE.

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.

An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Remote Code Execution (RCE) by chaining Command Injection within the internal service. When combined with existing XSS vulnerabilities, this SSRF issue can further facilitate Remote Code Execution (RCE).