| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. |
| Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure. |
| In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2. This vulnerability can cause a Denial of Service (DoS) via a crafted MAP file. |
| JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. |
| AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660. |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration. |
| libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. |
| Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required. |
| Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User Interaction is not required. |
| In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required. |
| In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. |
| In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required. |
| Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token. |
| WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR. |
| In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller. |
| In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password. |
| libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use. |
| An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4. |
| A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters. A successful exploit could allow arbitrary code execution. |
