Intesync Solismed 3.3sp has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Work Time Calendar app before 4.7.1 for Jira allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Intesync Solismed 3.3sp1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Intesync Solismed 3.3sp allows Clickjacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0),. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Driver may access an invalid address while processing IO control due to lack of check of address validation in Snapdragon Connectivity in QCA6390. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice &. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Use after free issue occurs when command destructors access dynamically allocated response buffer which is already deallocated during previous command teardwon sequence in Snapdragon Auto, Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been identified in XHQ (All versions < V6.0.0.2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions <. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.