DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.
Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.
The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to. Rated medium severity (CVSS 4.7). No vendor patch available.
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.