An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in the tar crate before 0.4.36 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.
CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of service because the ls command is mishandled when a directory has many files with long names. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi with an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
A component of the Huawei smartphone has a Double Free vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.