On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.