Command injection in Vim 9.x text editor allows local attackers to execute arbitrary shell commands when a user opens specially crafted .tgz archive filenames. The vulnerability exploits insufficient sanitization in the tar#Vimuntar() function's shellescape() call, enabling cmdline-special character expansion. Exploitation requires user interaction (opening the malicious archive) and high attack complexity (filename manipulation), limiting real-world risk despite the command injection class. Fixed in version 9.2.0479 via GitHub commit 3fb5e58f. No evidence of active exploitation or public POC beyond the vendor's test case.
HarmonyOS app management and control module permits local privilege escalation through improper permission controls, allowing unauthenticated local attackers with user interaction to access confidential service data. CVSS 3.6 (low severity) reflects local-only attack vector and requirement for user interaction, though the privilege escalation nature means affected systems warrant review for deployment context.
Terminal escape sequence injection in GitHub CLI 1.6.0 through 2.91.x allows authenticated attackers with pull request creation rights to inject malicious terminal control sequences into Actions workflow logs. When victims execute 'gh run view --log' or 'gh run view --log-failed' to inspect workflow runs, unsanitized escape sequences replay in their terminal, enabling window title manipulation, on-screen content alteration, or arbitrary command execution in vulnerable emulators like GNU screen. The attack requires low complexity and user interaction (victim must view logs), with impact limited to terminal integrity. CVSS score of 3.5 reflects low-severity integrity impact, though real-world risk varies significantly by terminal emulator capabilities. No active exploitation confirmed at time of analysis.
Authenticated users in Mattermost 11.5.x through 11.5.1 and 10.11.x through 10.11.13 can modify post attachments, properties, and pin status beyond the configured edit time window. The vulnerability bypasses the PostEditTimeLimit control via patch and update API endpoints, allowing indefinite modification of non-message post metadata after the intended edit window expires. CVSS 3.1 (Low) reflects network vector with high complexity and low-privilege requirements, while no public exploit or CISA KEV listing exists at time of analysis.
Stack overflow in Huawei HarmonyOS media platform allows local authenticated users to cause denial of service through a crafted media file that triggers stack memory exhaustion. The vulnerability requires user interaction and authenticated access (CVSS PR:L), limiting its real-world severity despite affecting availability. No public exploit code or active exploitation has been identified at the time of analysis.
A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context.
Insufficient parameter sanitization in the AMD TEE SOC Driver's DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT command handler allows high-privileged local attackers to trigger incorrect shared memory mapping via malformed parameters, potentially disclosing sensitive information. The vulnerability affects AMD Radeon RX 6000/7000, Radeon Pro W6000/W7000, and Instinct MI-series GPUs. CVSS 1.8 reflects high-privilege requirement and local-only attack vector with severe attack complexity, but the information disclosure impact and active vendor acknowledgment indicate targeted risk to privileged processes.
Insufficient parameter sanitization in TEE SOC Driver on AMD Instinct MI300A, MI300X, MI308X, and MI325X accelerators allows local high-privileged attackers to issue malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS commands that write invalid data to remote Dies, resulting in availability impact through unexpected behavior. The vulnerability requires local access and high privileges, with a CVSS score of 1.8 indicating minimal real-world risk despite potential data integrity concerns.
An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of. Rated low severity (CVSS 1.8). No vendor patch available.
A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity. Rated low severity (CVSS 1.8). No vendor patch available.
A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity. Rated low severity (CVSS 1.8). No vendor patch available.