Open redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.
The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
The default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
The setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse (rhevm-dwh) package before 3.3.3, stores the history database password in cleartext,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line. Rated low severity (CVSS 1.2). No vendor patch available.