| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. |
| BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2). |
| BMC Control-M/Agent 7.0.00.000 allows Arbitrary File Download. |
| BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage. |
| BMC Control-M/Agent 7.0.00.000 allows OS Command Injection. |
| BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy. |
| A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when the On-Do action destination is Mail and the Control-M/Agent is configured to send the email, allows remote attackers to have unspecified impact via vectors related to the configured IP address or SMTP server. |
| Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). |
| Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. |
| Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. |
| Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. |
| Codiad Web IDE through 2.8.4 allows PHP Code injection. |
| rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. |
| Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture. |
| An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read. |
| An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read. |
| In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request. |
| REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access the mailboxes of other users. |
| REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiration because tokens are not invalidated upon a logout. |
| The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS. |
