An issue was discovered in Docmosis Tornado prior to version 2.9.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Docmosis Tornado prior to version 2.9.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
All versions of the package utilities are vulnerable to Prototype Pollution via the _mix function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Sudo before 1.9.13p2 has a double free in the per-command chroot feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Online Reviewer Management System v1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.
In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.