Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.6 views

PT-2026-24633

Summary Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort0direction and sort0sortField parameters are concatenated directly into an addOrderBy clause without any validation or sanitization. An authenticated attacker with access to the Commerce...

8.7CVSS6AI score
Exploits0References5
OSV
OSV
added 2017/03/30 11:59 p.m.3 views

DEBIAN-CVE-2017-7346

The vmwgbsurfacedefineioctl function in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service system hang via a crafted ioctl call for a /dev/dri/renderD device...

5.5CVSS7AI score0.00378EPSS
Exploits0References1
OSV
OSV
added 2017/03/24 9:59 p.m.3 views

DEBIAN-CVE-2017-7261

The vmwsurfacedefineioctl function in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service ZEROSIZEPTR dereference, and GPF and possibly panic via a crafted ioctl cal...

5.5CVSS6.3AI score0.00366EPSS
Exploits0References1
OSV
OSV
added 2017/03/24 12:0 a.m.6 views

UBUNTU-CVE-2017-7261

The vmwsurfacedefineioctl function in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service ZEROSIZEPTR dereference, and GPF and possibly panic via a crafted ioctl cal...

5.5CVSS6.7AI score0.00366EPSS
Exploits0References12
Rows per page
Query Builder