Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
VestaCP through 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin scripts. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM &. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.
The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.