IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.