A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.