An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET['replace'] variable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Windows HTML Platforms Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.
A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required.
In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
ASP.NET Core Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.
Microsoft Defender Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Event Tracing for Windows Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows TCP/IP Driver Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows Bind Filter Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
An issue has been discovered in GitLab affecting all versions starting with 13.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.
In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity.
Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity.
3D Viewer Information Disclosure Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.
All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Windows DCOM Server Security Feature Bypass. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable.
Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.