ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.

vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privilege escalation or to denial of service through the bug

RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure.

Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or html via the easyxdm.swf file.

PrestaShop before 1.4.11 allows logout CSRF.

PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.

MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.

Belkin n750 routers have a buffer overflow.

OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection.

Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account.

Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts.

TRENDnet TS-S402 has a backdoor to enable TELNET.

QNAP VioCard 300 has hardcoded RSA private keys.

Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service.

A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing state when parsing 32 hex, 33 hex, or 34 hex byte values at the 0x47f offset. NOTE: A followup statement from Intel suggests that the root cause of this issue was an incorrectly configured EEPROM image.

In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices, which makes it easier for remote attackers to discover this voter's choice by sniffing the network. For example, a small amount of sniffed data may indicate that a vote was cast for the candidate with the least metadata. An active man-in-the-middle attacker can leverage this behavior to disrupt voters' abilities to vote for a candidate opposed by the attacker.

The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database) to discover login credentials and voting history via an offline brute-force approach.

Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to modify the Wi-Fi network the base station connects to.

Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx.

Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll.