A vulnerability in SonicOS allows an authenticated read-only admin to elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 18.104.22.168-4o and earlier, Gen 6 version 22.214.171.124-32n, 126.96.36.199-4n, 188.8.131.52-4n, 184.108.40.206-3n, 220.127.116.11-3n, 18.104.22.168-3n, 22.214.171.124-3n, 126.96.36.199-4n and SonicOSv 188.8.131.52-8v_RC363 (VMWARE), 184.108.40.206.8v_RC367 (AZURE), SonicOSv 220.127.116.11.8v_RC368 (AWS), SonicOSv 18.104.22.168.8v_RC366 (HYPER_V).
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to a reachable assertion when the packet-ID counter rolls over, resulting in denial of service of the server by an authenticated attacker.
YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php.