In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
An issue was discovered in rovinbhandari FTP through 2012-03-28. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
An issue was discovered in MailStore Server (and Service Provider Edition) 9.x through 11.x before 11.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.