Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
XSS
Spectrum
NVD
CVSS 2.0
3.5
EPSS
0.2%
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for. Rated low severity (CVSS 1.8). No vendor patch available.
Information Disclosure
Ntp
NVD
CVSS 2.0
1.8
EPSS
0.8%