Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.

Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to authentication bypass. An attacker can perform any action as a user with admin privileges. This issue has been addressed in release version 2.0.9. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integrity of the application. There is no impact on availability.

Memory corruption while processing IOCTL call for getting group info.

Memory corruption while processing concurrent IOCTL calls.

Memory corruption when two threads try to map and unmap a single node simultaneously.

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.

Memory corruption when user provides data for FM HCI command control operations.