Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then:. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.
Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an. Rated medium severity (CVSS 6.0). No vendor patch available.
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. Rated medium severity (CVSS 5.6).
IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. Rated low severity (CVSS 3.7), this vulnerability is low attack complexity. No vendor patch available.