6685 matches found
The vulnerability of the `debug_event_write_work_handler()` function in the `drivers/gpu/drm/amd/amdkfd/kfddebug.c` driver, a driver for supporting Direct Rendering Infrastructure (DRI) in AMD graphics cards for Linux operating systems, allows a hacker to trigger a service failure.
The vulnerability of the debugeventwriteworkhandler function in the drivers/gpu/drm/amd/amdkfd/kfddebug.c file, a driver for AMD Direct Rendering Infrastructure DRI graphics cards for Linux operating systems, is related to pointer manipulation. Exploiting this vulnerability could allow an attacke...
The vulnerability of the resource_build_bit_depth_reduction_params() function in the DRI driver for AMD kernel-based Linux graphics cards allows a attacker to cause a service failure.
The vulnerability of the resourcebuildbitdepthreductionparams function in the Direct Rendering Infrastructure DRI driver for AMD graphics cards in Linux operating systems is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2022-1416
Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling...
CVE-2022-24071
A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs...
CVE-2022-28648
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered...
CVE-2022-28204
A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere⌖=Property%3AP31=1=1 can take more than thirty seconds. There is a DDoS risk...
CVE-2022-2316
HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site...
CVE-2022-2507
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage...
CVE-2022-24717
ssr-pages is an HTML page builder for the purpose of server-side rendering SSR. In versions prior to 0.1.5, a cross site scripting XSS issue can occur when providing untrusted input to the redirect.link property as an argument to the buildMessagePageOptions function. While there is no known...
CVE-2021-21422
mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, howev...
CVE-2021-27629
SAP NetWeaver ABAP Server and ABAP Platform Enqueue Server, versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a...
CVE-2021-22645
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll fro...
CVE-2021-22951
Unauthorized individuals could view password protected files using viewinline in Concrete CMS previously concrete 5 prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in viewinline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations...
CVE-2020-1018
An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a mask...
CVE-2020-13451
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros...
CVE-2019-7296
typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula...
CVE-2019-19329
In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...
CVE-2019-13982
interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview...
CVE-2011-2670
Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets...
CVE-2011-0219
Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts...