The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A flaw was found in keycloak in versions before 9.0.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered on Samsung mobile devices with Q(10.0) software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.
A flaw was found in Keycloak in versions before 9.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.