6.9
CVE-2024-10604 - Identifiable Header Values In Fuchsia Leading To Tracking of The User
Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID, allow for these values to be guessed under circumstances.
6.3
CVE-2024-10603 -
Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.
6.3
CVE-2024-10026 - Improved Seeding and Hashing In gVisor
A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances.
6.9
CVE-2025-0681 - New Rock Technologies Cloud Connected Devices Improper Neutralization of Wildcards or Matching Sym…
The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications.
9.3
CVE-2025-0680 - New Rock Technologies Cloud Connected Devices has an Improper Neutralization of Special Elements use…
Affected products contain a vulnerability in the device cloud RPC command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud.
7.8
CVE-2024-44142 -
The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.
8.9
CVE-2025-24507 -
This vulnerability allows appliance compromise at boot time.
5.3
CVE-2025-24506 -
A specific authentication strategy makes it possible to learn the IDs of PAM users associated with certain authentication types.
8.8
CVE-2025-24505 -
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file.
5.3
CVE-2025-24504 -
Improper input validation in the CSRF filter results in unsanitized user input being written to the application logs.