The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications.

Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud.

The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.

This vulnerability allows appliance compromise at boot time.

A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types.

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file.

An improper input validation the CSRF filter results in unsanitized user input written to the application logs.

A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server.

An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address.

An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request.