A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In BigBlueButton before 2.2.29, a user can vote more than once in a single poll. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Some ZTE devices have input verification vulnerabilities. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.