In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.

In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). The affected software contains a buffer overflow vulnerability while handling certain files that could allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution.

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions < V9.1 SP2), SIMATIC PDM (All versions < V9.2 SP2), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1). A directory containing metafiles relevant to devices' configurations has write permissions. An attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software.

An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.

A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.

Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin before 4.1.5.