A Stack Overflow exists when parsing .m3u files. The vulnerability is caused due to a boundary error when handling a crafted .m3u files.
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine allows a local low privileged user to gain elevation of privileges.
Cisco UCS Manager contains a OS Command Injection vulnerability in /settings/ping function, which allows unauthenticated attackers to gain arbitrary code execution on the affected system.
In the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local) path as SYSTEM when the execute_installer parameter is used in an HTTP message.
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.
QNAP Qcenter Virtual Appliance contains multiples vulnerabilities which allows authenticated attackers to gain arbitrary code execution on the affected system with root privileges.
Adobe Reader has a built-in sandbox feature that usually makes exploitation difficult. By combining vulnerabilities, this attack achieves code execution and then bypasses the sandbox protection to fully compromise the targeted system.
Apache CouchDB contains an Authentication Bypass vulnerability and a OS Command Injection vulnerability, which allows attackers to gain arbitrary code execution on the affected system.
A Buffer Overflow exists in Zip-n-Go 4.9 when parsing .ZIP files. The vulnerability is caused due to a boundary error when handling a crafted .ZIP files.
Delta Industrial COMMGR is prone to a buffer overflow when handling spacially crafted packets.