In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In Storage Performance Development Kit (SPDK) before 19.01, a malicious vhost client (i.e., virtual machine) could carefully construct a circular descriptor chain that would result in a partial. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.