Security Vulnerabilities - CVEs Published In January 2026
Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-07
Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-07
Memory corruption occurs when a secure application is launched on a device with insufficient memory.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-07
The Uniffle HTTP client is configured to trust all SSL certificates and
disables hostname verification by default. This insecure configuration
exposes all REST API communication between the Uniffle CLI/client and the
Uniffle Coordinator service to potential Man-in-the-Middle (MITM) attacks.
This issue affects all versions from before 0.10.0.
Users are recommended to upgrade to version 0.10.0, which fixes the issue.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-01-07
Cryptographic issue may occur while encrypting license data.
CVSS Score
8.4
EPSS Score
0.0
Published
2026-01-07
Memory corruption while processing a secure logging command in the trusted application.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-07
Memory corruption while processing identity credential operations in the trusted application.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-07
Memory Corruption when multiple threads concurrently access and modify shared resources.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-07
Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-01-07
Memory corruption while preprocessing IOCTLs in sensors.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-07