BACnet Protocol Stack through 0.8.6 could allow an unauthenticated, remote attacker to cause a denial of service (bacserv daemon crash) because there is an invalid read in bacdcode.c during parsing of alarm tag numbers.
Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console.
Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra.
LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry.
Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs.
There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1.
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the parsing of the file.
An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 126.96.36.199 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges.
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection.
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates.