Security Vulnerabilities
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long as the attack persists, but the system recovers from the crashes when the attack stops.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-06-05
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-06-05
A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection destroys the fence, causing the use-after-free. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-06-05
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long as the attack persists, but the system recovers from the crashes when the attack stops.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-06-05
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long as the attack persists, but the system recovers from the crashes when the attack stops.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-06-05
Improper export of Android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-06-05
Improper export of Android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger a logging function.
CVSS Score
4.8
EPSS Score
0.0
Published
2026-06-05
Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-06-05
Improper export of Android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attackers to execute privileged operations.
CVSS Score
6.8
EPSS Score
0.0
Published
2026-06-05
Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-06-05

