The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.3%.
The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.7%.
Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.