ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software.

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.

ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.

ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp.

ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp.

E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites.

E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users.

Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information.

Use After Free in GitHub repository vim/vim prior to 8.2.

An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method

A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.

A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.

The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files.

The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code.

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.

The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.