The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.

easywebpack-cli Path Traversal vulnerability

OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources.

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53

A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.

ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code.

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2.

HP-UX aserver program allows local users to gain privileges via a symlink attack.

In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.

In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205595291

Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability

In libhidcommand_jni, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the USB service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111363077

Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0].

NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c.

jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall.

Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used

Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze 5.1 Licensed Server allows attackers to read arbitrary files via unknown vectors related to "URL parsing."