In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
WordPress before 5.2.3 allows XSS in shortcode previews. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress before 5.2.3 allows XSS in stored comments. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An information disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS certificate validation, aka 'Rome SDK Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks, aka 'Windows Common Log File System Driver Information Disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.
Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.7).
drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.7).
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.
A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.1).
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.1).
drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.1).