An issue existed in the handling of environment variables. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
<p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.
This issue was addressed with improved checks. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
<p>An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.
On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, receipt of a stream of specific VXLAN encapsulated. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issue and traffic. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An access issue existed in Content Security Policy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. Rated medium severity (CVSS 6.3). No vendor patch available.
<p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.
A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An issue was discovered in the Linux kernel before 5.8.15. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A memory initialization issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
This issue was addressed with improved data protection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An issue existed in the handling of iMessage tapbacks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in QEMU through 5.1.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
<p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
<p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
<p>A spoofing vulnerability exists when Windows incorrectly validates file signatures. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity.
<p>An elevation of privilege vulnerability exists in the way Azure Functions validate access keys.</p> <p>An unauthenticated attacker who successfully exploited this vulnerability could invoke an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
<p>A security feature bypass vulnerability exists in the PowerShellGet V2 module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.
On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.