| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service. |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service. |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering. |
| Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. |
| An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. |
| On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
| DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code. |
| DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code. |
| Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write. |
| Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow. |
| Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option. |
| Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories. |
| Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space. |
| libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain. |
