An issue was discovered in Bento4 1.5.1-627. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in S-CMS 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c). Rated medium severity (CVSS 4.7). Public exploit code available.
An issue was discovered in Qt before 5.11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
An issue was discovered in Qt before 5.11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.