Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Stored XSS exists on Polycom QDX 6000 devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.