Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.