Buffer overflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 24.3% and no vendor patch available.
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Buffer underflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.3% and no vendor patch available.
The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.
The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain. Rated medium severity (CVSS 6.9). No vendor patch available.
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop. Rated medium severity (CVSS 4.7). No vendor patch available.
Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image. Rated medium severity (CVSS 4.7). No vendor patch available.
Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial. Rated medium severity (CVSS 4.7). No vendor patch available.
Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input. Rated medium severity (CVSS 4.7). No vendor patch available.
The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to. Rated medium severity (CVSS 4.7). No vendor patch available.
The restricted telnet shell on the D-Link DSL2730U router allows remote authenticated users to bypass intended command restrictions via shell metacharacters that follow a whitelisted command. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.