Search
Total
2662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9924 | 2 Debian, Gnu | 2 Debian Linux, Bash | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. | |||||
| CVE-2020-9362 | 1 Quickheal | 6 Antivirus For Server, Antivirus Pro, Home Security and 3 more | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and Total Security for Android. | |||||
| CVE-2019-9831 | 1 Airmore | 1 Airmore | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests. | |||||
| CVE-2020-1601 | 1 Juniper | 22 Junos, Srx100, Srx110 and 19 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS). Continued receipt of this family of malformed PCEP packets will cause an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S13, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D496, 15.1X53-D592; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R1-S9; 17.2 version 17.2R2 and later prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2-S6, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect releases of Junos OS prior to 15.1R1. | |||||
| CVE-2019-0203 | 1 Apache | 1 Subversion | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server. | |||||
| CVE-2020-28458 | 1 Datatables | 1 Datatables.net | 2021-07-21 | 7.5 HIGH | 7.3 HIGH |
| All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806. | |||||
| CVE-2020-1223 | 1 Microsoft | 1 Word | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists when Microsoft Word for Android fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file.The update addresses the vulnerability by correcting how Microsoft Word for Android handles specially crafted URL files., aka 'Word for Android Remote Code Execution Vulnerability'. | |||||
| CVE-2020-11691 | 1 Jetbrains | 1 Hub | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. | |||||
| CVE-2019-16893 | 1 Tp-link | 2 Tp-sg105e, Tp-sg105e Firmware | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request. | |||||
| CVE-2020-0760 | 1 Microsoft | 10 Access, Excel, Office and 7 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991. | |||||
| CVE-2019-3484 | 1 Hp | 1 Arcsight Logger | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7. | |||||
| CVE-2019-18888 | 2 Fedoraproject, Sensiolabs | 2 Fedora, Symfony | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x). | |||||
| CVE-2020-11804 | 1 Titanhq | 1 Spamtitan | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request. | |||||
| CVE-2019-17532 | 1 Belkin | 2 Wemo Switch 28b, Wemo Switch 28b Firmware | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs. | |||||
| CVE-2020-27844 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2021-07-20 | 8.3 HIGH | 7.8 HIGH |
| A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-25868 | 1 Pexip | 1 Pexip Infinity | 2021-07-10 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service). | |||||
| CVE-2021-26036 | 1 Joomla | 1 Joomla\! | 2021-07-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table. | |||||
| CVE-2021-31925 | 1 Pexip | 1 Pexip Infinity | 2021-07-09 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface. | |||||
| CVE-2021-27196 | 1 Abb | 18 Fox615 Tego1, Fox615 Tego1 Firmware, Gms600 and 15 more | 2021-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1. | |||||
| CVE-2021-22349 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 7.8 HIGH | 7.5 HIGH |
| There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of insufficient input verification may cause the system to restart. | |||||
| CVE-2021-27660 | 1 Johnsoncontrols | 2 C-cure 9000, C-cure 9000 Firmware | 2021-07-06 | 6.5 MEDIUM | 8.8 HIGH |
| An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs. | |||||
| CVE-2017-3162 | 1 Apache | 1 Hadoop | 2021-07-03 | 7.5 HIGH | 7.3 HIGH |
| HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0. | |||||
| CVE-2020-7869 | 2 Mastersoft, Microsoft | 2 Zook, Windows | 2021-07-02 | 9.0 HIGH | 8.8 HIGH |
| An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using "Tight file CMD" without authority. | |||||
| CVE-2020-7870 | 1 Unidocs | 2 Ezpdf Editor, Ezpdf Reader | 2021-07-02 | 6.5 MEDIUM | 7.2 HIGH |
| A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter. | |||||
| CVE-2020-7862 | 1 Helpu | 4 Helpuftclient, Helpuftserver, Helpuserver and 1 more | 2021-07-01 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in agent program of HelpU remote control solution could allow an authenticated remote attacker to execute arbitrary commands This vulnerability is due to insufficient input santization when communicating customer process. | |||||
| CVE-2017-0247 | 1 Microsoft | 18 Asp.net Model View Controller, Microsoft.aspnetcore.mvc.abstractions, Microsoft.aspnetcore.mvc.apiexplorer and 15 more | 2021-06-30 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. | |||||
| CVE-2021-22377 | 1 Huawei | 10 S12700, S12700 Firmware, S2700 and 7 more | 2021-06-29 | 6.5 MEDIUM | 7.2 HIGH |
| There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service. | |||||
| CVE-2016-8624 | 1 Haxx | 1 Curl | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them. | |||||
| CVE-2016-8625 | 1 Haxx | 1 Curl | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. | |||||
| CVE-2018-19204 | 1 Paessler | 1 Prtg Network Monitor | 2021-06-29 | 9.0 HIGH | 8.8 HIGH |
| PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport_' is mishandled. The attacker can craft an HTTP request and override the 'writeresult' command-line parameter for HttpAdvancedSensor.exe to store arbitrary data in an arbitrary place on the file system. For example, the attacker can create an executable file in the \Custom Sensors\EXE directory and execute it by creating EXE/Script Sensor. | |||||
| CVE-2021-25682 | 1 Canonical | 1 Apport | 2021-06-22 | 7.2 HIGH | 7.8 HIGH |
| It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. | |||||
| CVE-2021-25683 | 1 Canonical | 1 Apport | 2021-06-22 | 7.2 HIGH | 7.8 HIGH |
| It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. | |||||
| CVE-2021-25684 | 1 Canonical | 1 Apport | 2021-06-22 | 4.6 MEDIUM | 7.8 HIGH |
| It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. | |||||
| CVE-2018-0043 | 1 Juniper | 48 Ex2200, Ex2200-c, Ex2300 and 45 more | 2021-06-21 | 5.8 MEDIUM | 8.8 HIGH |
| Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending specific MPLS packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. This issue affects both IPv4 and IPv6. This issue can only be exploited from within the MPLS domain. End-users connected to the CE device cannot cause this crash. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on QFX/EX Series; 14.1X53 versions prior to 14.1X53-D130 on QFabric Series; 15.1F6 versions prior to 15.1F6-S10; 15.1 versions prior to 15.1R4-S9 15.1R7; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R3-S8 16.1R4-S8 16.1R5-S4 16.1R6-S4 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R1-S6 16.2R3; 17.1 versions prior to 17.1R1-S7 17.1R2-S6 17.1R3; 17.2 versions prior to 17.2R1-S6 17.2R2-S3 17.2R3; 17.2X75 versions prior to 17.2X75-D100 17.2X75-D42 17.2X75-D91; 17.3 versions prior to 17.3R1-S4 17.3R2-S2 17.3R3; 17.4 versions prior to 17.4R1-S3 17.4R2 . No other Juniper Networks products or platforms are affected by this issue. | |||||
| CVE-2021-0070 | 1 Intel | 2 Efi Bios 7215, Server Board M10jnp2sb | 2021-06-17 | 5.8 MEDIUM | 8.8 HIGH |
| Improper input validation in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access. | |||||
| CVE-2020-11261 | 1 Qualcomm | 798 Apq8009, Apq8009 Firmware, Apq8009w and 795 more | 2021-06-16 | 7.2 HIGH | 7.8 HIGH |
| Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2016-8711 | 1 Gonitro | 1 Nitro Pdf Pro | 2021-06-16 | 6.8 MEDIUM | 7.8 HIGH |
| A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability. | |||||
| CVE-2020-15379 | 1 Broadcom | 1 Brocade Sannav | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name. | |||||
| CVE-2015-5175 | 1 Apache | 1 Cxf Fediz | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. | |||||
| CVE-2018-8038 | 1 Apache | 1 Cxf Fediz | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters. | |||||
| CVE-2020-11178 | 1 Qualcomm | 574 Aqt1000, Aqt1000 Firmware, Ar8031 and 571 more | 2021-06-15 | 7.2 HIGH | 7.8 HIGH |
| Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its RoT memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2016-8740 | 1 Apache | 1 Http Server | 2021-06-06 | 5.0 MEDIUM | 7.5 HIGH |
| The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. | |||||
| CVE-2017-15715 | 5 Apache, Canonical, Debian and 2 more | 8 Http Server, Ubuntu Linux, Debian Linux and 5 more | 2021-06-06 | 6.8 MEDIUM | 8.1 HIGH |
| In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename. | |||||
| CVE-2016-2161 | 1 Apache | 1 Http Server | 2021-06-06 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. | |||||
| CVE-2021-22359 | 1 Huawei | 4 S5700, S5700 Firmware, S6700 and 1 more | 2021-06-04 | 7.8 HIGH | 7.5 HIGH |
| There is a denial of service vulnerability in the verisions V200R005C00SPC500 of S5700 and V200R005C00SPC500 of S6700. An attacker could exploit this vulnerability by sending specific message to a targeted device. Due to insufficient input validation, successful exploit can cause the service abnormal. | |||||
| CVE-2020-27833 | 1 Redhat | 1 Openshift Container Platform | 2021-06-02 | 4.6 MEDIUM | 7.1 HIGH |
| A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first created pointing within the tarball, this allows further symbolic links to bypass the existing path check. This flaw allows the tarball to create links outside the tarball's parent directory, allowing for executables or configuration files to be overwritten, resulting in arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions up to and including openshift-clients-4.7.0-202104250659.p0.git.95881af are affected. | |||||
| CVE-2010-1678 | 1 Osgeo | 1 Mapserver | 2021-06-01 | 5.0 MEDIUM | 7.5 HIGH |
| Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing. | |||||
| CVE-2021-31863 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2021-06-01 | 5.0 MEDIUM | 7.5 HIGH |
| Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process. | |||||
| CVE-2021-1085 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2021-05-28 | 4.6 MEDIUM | 7.3 HIGH |
| NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to write to a shared memory location and manipulate the data after the data has been validated, which may lead to denial of service and escalation of privileges and information disclosure but attacker doesn't have control over what information is obtained. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7). | |||||
| CVE-2021-1084 | 6 Citrix, Linux, Microsoft and 3 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2021-05-28 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4). | |||||