Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name, id) passed to the EPESI-master/modules/Utils/RecordBrowser/grid.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website..

Oracle Marketing is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Uclibc-ng is prone to a denial of service (DoS) vulnerability.This allow a remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources via certain vulnerable vectors.

Oracle One-to-one Fulfillment is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

NetBackup services can execute commands on the local system from a whitelist of directories. A local user can escape that whitelist by using one or more ../ as part of a path to execute any command on the system.

Oracle Outside In Technology is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Wireshark is prone to a overflow vulnerability.This allows a remote attackers to execute arbitrary code via crafted packets and cause a denial of service (memory corruption)

Oracle Peoplesoft Enterprise Human Capital Management Eperformance is prone to a gain information vulnerability.This allows local or remote attackers to gain privileges via a malicious program in the affected application

A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the ‘reasoncms-master/www/nyroModal/demoSent.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Saltstack Salt is prone to a gain information vulnerability.This allows local or remote attackers to gain privileges via a malicious program in the affected application

Mybb Merge System is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition. .

Simon Tatham Putty is prone to a local code-execution vulnerability.This allows a local attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a ‘Sweet32’ attack..

Syspass is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

A remote authenticated user can exploit a flaw in the Oracle FLEXCUBE Core Banking Core component to partially access data

The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.

A local user can exploit a flaw in the Oracle FLEXCUBE Universal Banking Core component to access data

The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print().

Oracle Marketing is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.