CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2021-1081
https://notcve.org/view.php?id=CVE-2021-1081
29 Apr 2021 — NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior 8.7). El software NVIDIA vGPU contiene una vulnerabilidad en el controlador de modo de kernel invitado y el administrador de Virtual GPU (plugin vGPU), en el que la long... • https://nvidia.custhelp.com/app/answers/detail/a_id/5172 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1060
https://notcve.org/view.php?id=CVE-2021-1060
08 Jan 2021 — NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input index is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). El software NVIDIA vGPU contiene una vulnerabilidad en el controlador del modo kernel invitado y en el plugin vGPU, en el que un índice de entrada no es comprobado, lo que puede conllevar a una alteración de los datos o a una denegación d... • https://nvidia.custhelp.com/app/answers/detail/a_id/5142 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1058
https://notcve.org/view.php?id=CVE-2021-1058
08 Jan 2021 — NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). El software NVIDIA vGPU contiene una vulnerabilidad en el controlador del modo kernel invitado y en el plugin vGPU, en el que el tamaño de los datos de entrada no es comprobado, lo que puede conllevar a una alteración de los datos o a... • https://nvidia.custhelp.com/app/answers/detail/a_id/5142 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 0CVE-2015-0012
https://notcve.org/view.php?id=CVE-2015-0012
11 Feb 2015 — Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrative privileges by establishing a server session with Active Directory credentials, aka "Virtual Machine Manager Elevation of Privilege Vulnerability." Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 no valida correctamente los roles de los usuarios, lo que permite a usuarios locales ... • http://www.securityfocus.com/bid/72473 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 1CVE-2004-0723
https://notcve.org/view.php?id=CVE-2004-0723
23 Jul 2004 — Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the "GET/Key" and "PUT/Key/Value" commands, aka "cross-site Java." La máquina virtual (VM) Java de Microsoft 5.0.0.3810 permite a atacantes remotos saltarse restricciones de la caja de arena o escribir ciertos datos entre applets de diferentes dominios mediante órdenes "GET/Key" y "PUT/Key/Value". Vulnerabilidad también conocidad como ... • http://marc.info/?l=bugtraq&m=108948405808522&w=2 •
CVSS: 9.8EPSS: 26%CPEs: 11EXPL: 1CVE-2003-0111 – Microsoft Java Virtual Machine 3802 Series - Bytecode Verifier
https://notcve.org/view.php?id=CVE-2003-0111
15 Apr 2003 — The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise." El componente Verificador de ByteCode de la Máquina Virtual (VW) de Microsoft compilación 5.0.3809 y anteriores, usada en en Windows y en Internet Explorer, permite a atacantes remotos eludir comprobaciones de s... • https://www.exploit-db.com/exploits/22027 •
CVSS: 7.5EPSS: 7%CPEs: 1EXPL: 0CVE-2002-1286
https://notcve.org/view.php?id=CVE-2002-1286
14 Nov 2002 — The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious site within the security context of the site that is being visited by the user. La implementación de Java de Microsoft, como la usada en Internet Explorer, permite a atacantes remotos robar cookies y ejecutar script en un contexto de ... • http://marc.info/?l=bugtraq&m=103682630823080&w=2 •
CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 0CVE-2002-1287
https://notcve.org/view.php?id=CVE-2002-1287
14 Nov 2002 — Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass. • http://marc.info/?l=bugtraq&m=103682630823080&w=2 •
CVSS: 5.0EPSS: 5%CPEs: 1EXPL: 0CVE-2002-1288
https://notcve.org/view.php?id=CVE-2002-1288
14 Nov 2002 — The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to determine the current directory of the Internet Explorer process via the getAbsolutePath() method in a File() call. • http://marc.info/?l=bugtraq&m=103682630823080&w=2 •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 0CVE-2002-1289
https://notcve.org/view.php?id=CVE-2002-1289
14 Nov 2002 — The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (INativeServices) class, whose methods do not verify the memory addresses that are passed as parameters. • http://marc.info/?l=bugtraq&m=103682630823080&w=2 •