Show filters
201 Total Results
Displaying 11-20 of 201
Sort by:
Attacker Value
Unknown

CVE-2022-23824

Disclosure Date: November 08, 2022 (last updated February 04, 2024)
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
Attacker Value
Unknown

CVE-2022-23825

Disclosure Date: July 12, 2022 (last updated November 08, 2023)
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
Attacker Value
Unknown

CVE-2022-29900

Disclosure Date: July 12, 2022 (last updated October 18, 2023)
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Attacker Value
Unknown

CVE-2021-41182

Disclosure Date: October 26, 2021 (last updated November 28, 2024)
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
Attacker Value
Unknown

CVE-2021-41183

Disclosure Date: October 26, 2021 (last updated November 28, 2024)
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
Attacker Value
Unknown

CVE-2021-41184

Disclosure Date: October 26, 2021 (last updated November 28, 2024)
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
Attacker Value
Unknown

CVE-2015-7747

Disclosure Date: February 19, 2020 (last updated February 21, 2025)
Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.
Attacker Value
Unknown

CVE-2016-1544

Disclosure Date: February 06, 2020 (last updated February 21, 2025)
nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).
Attacker Value
Unknown

CVE-2015-6815

Disclosure Date: January 31, 2020 (last updated February 21, 2025)
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
Attacker Value
Unknown

CVE-2015-5745

Disclosure Date: January 23, 2020 (last updated February 21, 2025)
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.