| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. |
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to read and/or write data outside the Guest's virtualised GPU memory. |
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory. |
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory. |
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. |
| Software installed and run as a non-privileged user may conduct improper GPU system calls resulting in platform instability and reboots. |
| Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. |
| Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. |
| Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory. |
| CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
| A vulnerability classified as critical was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This vulnerability affects unknown code of the component Application Protocol Data Unit. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263890 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT. |
| VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF) |
| VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| Smadar SPS – CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| Mashov – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
