From DHS/US-CERT's National Vulnerability Database
redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.
redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.
The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.
AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code t...