Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.