Backdoor.Win32.Hellza.120 malware suffers from a remote command execution vulnerability.
On Mali devices without the new CSF interface, IMPORTED_USER_BUF is released without flushing host-side VMAs, leading to a page use-after-free vulnerability.
Arm Mali has an issue where a driver exposes physical addresses to unprivileged userspace.
The Mali driver frees GPU page tables before removing the higher-level PTEs pointing to those page tables (and, therefore, also before issuing the required flushes). This means a racing memory…
In the Linux Mali driver, when building with MALI_USE_CSF, the VFS read handler of the main Mali file descriptor (kbase_read()) never looks at its “count” parameter. This means that a…
Wifi HD Wireless Disk Drive 11 – Local File Inclusion
WiFiMouse 1.8.3.4 – Remote Code Execution (RCE)
Genesys PureConnect as of their build on 08-October-2020 suffers from a cross site scripting vulnerability.
WordPress GetYourGuide Ticketing plugin version 1.0.1 suffers from a persistent cross site scripting vulnerability.
OpenCart 3.x Newsletter Custom Popup module version 4.0 suffers from a remote blind SQL injection vulnerability.