A memory corruption issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A path handling issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A memory corruption issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
A logic issue was addressed with improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A buffer overflow was addressed with improved bounds checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.
A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Octopus Deploy through 2020.4.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A path handling issue was addressed with improved validation. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
This issue was addressed with a new entitlement. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition. Rated high severity (CVSS 7.0).
A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.0). No vendor patch available.
A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0). No vendor patch available.
A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated medium severity (CVSS 6.4). No vendor patch available.
A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An information disclosure issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An access issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Rated medium severity (CVSS 4.7).
Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
A logic issue was addressed with improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A file access issue existed with certain home folder files. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.