| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application. |
| UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call e.g.”eval” in “Update Manager” class when software attempts to see if there are updates available. This results in arbitrary code execution on the machine where software is installed. |
| An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks. |
| Grin through 2.1.1 has Insufficient Validation. |
| Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c. |
| jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c. |
| jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c. |
| stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index. |
| stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8. |
| stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT. |
| stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8. |
| stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek. |
| stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table. |
| stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int. |
| GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. |
| GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. |
| GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. |
| GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. |
| Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. |
| Nagios Log Server 2.1.3 has CSRF. |