phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in MiniCMS 1.10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
OPSWAT MetaDefender before v4.11.2 allows CSV injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of. Rated high severity (CVSS 7.0).
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a. Rated medium severity (CVSS 4.7).
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where. Rated low severity (CVSS 2.5). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.