VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS

The plugin does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers Make a logged in admin open the below URL using web browser which does not encode characters...

K05765031: vCMP vulnerability CVE-2019-6670

Security Advisory Description vCMP hypervisors incorrectly expose the plaintext unit key for their vCMP guests on the file system. CVE-2019-6670 Impact An attacker may use this vulnerability to extract the master key of vCMP guests. Security Advisory Status F5 Product Development has assigned ID...

The vulnerability of the System Management Unit (SMU) subsystem in AMD microprogramming software allows a hacker to trigger a service failure.

The vulnerability of the System Management Unit SMU subsystem in AMD microprogramming systems is related to the improper release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...

PT-2025-49649

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.2.0-rc2+ 89 Description The Linux kernel contains a flaw in the IOMMU/AMD subsystem related to page fault error reporting. If the IOMMU domain for a device group is not properly configured, a page fault may...

SUSE CVE-2005-0605

scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmapunit value that leads to a buffer overflow...

SUSE CVE-2009-3613

The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service IOMMU space exhaustion and system crash by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping...

SUSE CVE-2009-3888

The dommappgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service OOPS via an application that attempts to allocate a large amount of memory...

SUSE CVE-2009-4536

drivers/net/e1000/e1000main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a craft...

SUSE CVE-2010-1446

arch/powerpc/mm/fslbookemmu.c in KGDB in the Linux kernel 2.6.30 and other versions before 2.6.33, when running on PowerPC, does not properly perform a security check for access to a kernel page, which allows local users to overwrite arbitrary kernel memory, related to Fsl booke...

SUSE CVE-2011-1957

The dissectdcmmain function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service infinite loop via an invalid PDU length...

SUSE CVE-2011-3131

Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCIE device to cause a denial of service CPU consumption and host hang via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock...

SUSE CVE-2012-1185

Multiple integer overflows in 1 magick/profile.c or 2 magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE:...

SUSE CVE-2013-4329

The xenlight library libxl in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction...

SUSE CVE-2013-6415

Cross-site scripting XSS vulnerability in the numbertocurrency helper in actionpack/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...

SUSE CVE-2015-1272

Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown,...

SUSE CVE-2015-4556

The string-translate procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service crash...

SUSE CVE-2015-5621

The snmppduparse function in snmpapi.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmpvariablelist item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted packet...

SUSE CVE-2015-8215

net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service packet loss via a value that is 1 smaller than the minimum compliant value or 2 larger than the MTU of a...

SUSE CVE-2016-5040

libdwarf before 20160923 allows remote attackers to cause a denial of service out-of-bounds read and crash via a large length value in a compilation unit header...

SUSE CVE-2017-5926

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR...