A vulnerability classified as problematic has been found in GNU Binutils 2.43. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A vulnerability was found in GNU Binutils 2.43. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
SolarWinds Platform is affected by server-side request forgery vulnerability. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.
Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Windows NTFS Elevation of Privilege Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of. Rated low severity (CVSS 3.0). No vendor patch available.
Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity. Rated low severity (CVSS 2.5). No vendor patch available.
In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 through 7.6.0 allows attacker to cause information disclosure via filter manipulation. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page. Rated low severity (CVSS 2.2). No vendor patch available.
In affected versions of Octopus Server error messages were handled unsafely on the error page. Rated low severity (CVSS 1.8), this vulnerability is remotely exploitable. No vendor patch available.
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability classified as critical was found in GNU Binutils 2.43. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A vulnerability was found in GNU Binutils 2.43 and classified as critical.c of the component ld. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.