There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. No vendor patch available.
A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system. Rated medium severity (CVSS 4.8). No vendor patch available.