json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in the Linux kernel through 5.6.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.
An issue was discovered in the Linux kernel before 5.4.17. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.
Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in the Linux kernel through 5.6.11. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
An issue was discovered in the Linux kernel before 5.6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Solis Miolo 2.0 allows index.php?module=install&action=view&item= Directory Traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.