Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.

In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service (e.g. reboot).

System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: •     Wi-Fi access point credentials to which the EV charger can connect. •     APN web address and credentials. •     IPSEC credentials. •     Web interface access credentials for user and admin accounts. •     JuiceBox system components (software installed, model, firmware version, etc.). •     C2G configuration details. •     Internal IP addresses. •     OTA firmware update configurations (DNS servers). All the credentials are stored in logs in an unencrypted plaintext format.

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the render function in widgets/content-toggle/layout/frontend.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.

Memory corruption while processing GPU page table switch.

Memory corruption while processing voice packet with arbitrary data received from ADSP.

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.

Memory corruption while handling IOCTL calls in JPEG Encoder driver.

Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.