The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a Out-of-Bounds Read via crafted Unicode content.

A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account.

In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0.

A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.

A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.

Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot.

Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.

In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.

In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands.

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this.

Out of bounds write in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access.

Integer overflow in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access.

Improper access control in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper input validation in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access.

Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.

Improper permissions in the installer for the Intel(R) SCS Platform Discovery Utility, all versions, may allow an authenticated user to potentially enable escalation of privilege via local attack.

Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable denial of service via local access.

Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.