rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
An issue was discovered in the ncurses crate through 5.99.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in the pancurses crate through 0.16.1 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in the protobuf crate before 2.6.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in the ammonia crate before 2.1.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in the asn1_der crate before 0.6.2 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in the memoffset crate before 0.5.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in the simd-json crate before 0.1.15 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.