util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.