Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.