Sumit Siddharth

**Name of the Vulnerable Software and Affected Versions** GForge versions 4.6b2 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `skill delete[]` parameter in the www/people/editprofile.php file. **Recommendations** For GForge versions 4.6b2 and earlier, avoid using the `skill delete[]` parameter in the www/people/editprofile.php file until a fix is available. As a temporary workaround, consider restricting access to the editprofile.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Intel Graphics Accelerator Driver version 6.14.10.4308 Description: The issue allows attackers to cause a denial of service, resulting in a crash or a change in screen resolution, by exploiting a long text field in the ialmnt5.sys component of the Intel Graphics Accelerator Driver. This can be achieved by using a long window title. Recommendations: For Intel Graphics Accelerator Driver version 6.14.10.4308, consider avoiding the use of long text fields, especially in window titles, to minimize the risk of exploitation until a patch is available.