| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14802 | Cri | 0.64 | 9.8 | 0.04 | Oct 1, 2018 | Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution. | ||
| CVE-2018-14794 | Cri | 0.64 | 9.8 | 0.02 | Oct 1, 2018 | Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer. | ||
| CVE-2018-14790 | Cri | 0.64 | 9.8 | 0.05 | Oct 1, 2018 | Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device. | ||
| CVE-2018-17852 | Cri | 0.64 | 9.8 | 0.02 | Oct 1, 2018 | A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. | ||
| CVE-2018-17831 | Cri | 0.64 | 9.8 | 0.02 | Oct 1, 2018 | In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list… | ||
| CVE-2018-17825 | Cri | 0.64 | 9.8 | 0.02 | Oct 1, 2018 | An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE. | ||
| CVE-2018-17796 | Cri | 0.64 | 9.8 | 0.02 | Sep 30, 2018 | An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the… | ||
| CVE-2018-9079 | Cri | 0.64 | 9.8 | 0.01 | Sep 28, 2018 | For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary… | ||
| CVE-2018-15764 | Cri | 0.64 | 9.8 | 0.05 | Sep 28, 2018 | Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server's JVM. | ||
| CVE-2018-5393 | Cri | 0.65 | 9.8 | 0.13 | Sep 28, 2018 | The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user… | ||
| CVE-2018-17613 | Cri | 0.64 | 9.8 | 0.02 | Sep 28, 2018 | Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol. | ||
| CVE-2018-17611 | Cri | 0.64 | 9.8 | 0.03 | Sep 28, 2018 | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | ||
| CVE-2018-17610 | Cri | 0.64 | 9.8 | 0.03 | Sep 28, 2018 | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | ||
| CVE-2018-17609 | Cri | 0.64 | 9.8 | 0.03 | Sep 28, 2018 | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | ||
| CVE-2018-17608 | Cri | 0.64 | 9.8 | 0.03 | Sep 28, 2018 | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | ||
| CVE-2018-17607 | Cri | 0.64 | 9.8 | 0.03 | Sep 28, 2018 | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | ||
| CVE-2018-17575 | Cri | 0.64 | 9.8 | 0.01 | Sep 28, 2018 | SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter. | ||
| CVE-2018-17573 | Cri | 0.64 | 9.8 | 0.03 | Sep 28, 2018 | The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and… | ||
| CVE-2018-17397 | Cri | 0.67 | 9.8 | 0.03 | Sep 28, 2018 | SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter. | ||
| CVE-2018-17394 | Cri | 0.67 | 9.8 | 0.03 | Sep 28, 2018 | SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter. | ||
| CVE-2018-17391 | Cri | 0.67 | 9.8 | 0.03 | Sep 28, 2018 | SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter. | ||
| CVE-2018-17385 | Cri | 0.67 | 9.8 | 0.03 | Sep 28, 2018 | SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter. | ||
| CVE-2018-17384 | Cri | 0.67 | 9.8 | 0.03 | Sep 28, 2018 | SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter. | ||
| CVE-2018-17383 | Cri | 0.67 | 9.8 | 0.03 | Sep 28, 2018 | SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter. | ||
| CVE-2018-17382 | Cri | 0.67 | 9.8 | 0.03 | Sep 28, 2018 | SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter. | ||
| CVE-2018-17380 | Cri | 0.67 | 9.8 | 0.03 | Sep 28, 2018 | SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter. | ||
| CVE-2018-17379 | Cri | 0.67 | 9.8 | 0.03 | Sep 28, 2018 | SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter. | ||
| CVE-2018-17378 | Cri | 0.67 | 9.8 | 0.03 | Sep 28, 2018 | SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter. | ||
| CVE-2018-17377 | Cri | 0.67 | 9.8 | 0.03 | Sep 28, 2018 | SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter. | ||
| CVE-2018-17376 | Cri | 0.67 | 9.8 | 0.03 | Sep 28, 2018 | SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter. | ||
| CVE-2018-17375 | Cri | 0.67 | 9.8 | 0.03 | Sep 28, 2018 | SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter. | ||
| CVE-2018-16659 | Cri | 0.67 | 9.8 | 0.03 | Sep 28, 2018 | An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation. | ||
| CVE-2018-14957 | Cri | 0.64 | 9.8 | 0.02 | Sep 28, 2018 | CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file). | ||
| CVE-2018-14956 | Cri | 0.64 | 9.8 | 0.03 | Sep 28, 2018 | CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information. | ||
| CVE-2018-7104 | Cri | 0.64 | 9.8 | 0.09 | Sep 27, 2018 | A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02. | ||
| CVE-2018-7103 | Cri | 0.64 | 9.8 | 0.09 | Sep 27, 2018 | A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02. | ||
| CVE-2018-17570 | Cri | 0.00 | 9.8 | 0.02 | Sep 26, 2018 | utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | ||
| CVE-2018-17569 | Cri | 0.00 | 9.8 | 0.02 | Sep 26, 2018 | network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | ||
| CVE-2018-17568 | Cri | 0.00 | 9.8 | 0.02 | Sep 26, 2018 | utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | ||
| CVE-2018-17411 | Cri | 0.64 | 9.8 | 0.02 | Sep 26, 2018 | An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20. | ||
| CVE-2018-15531 | — | Cri | 0.59 | 9.8 | 0.28 | Sep 26, 2018 | JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. | |
| CVE-2018-17566 | — | Cri | 0.64 | 9.8 | 0.02 | Sep 26, 2018 | In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request. | |
| CVE-2018-17410 | Cri | 0.64 | 9.8 | 0.02 | Sep 26, 2018 | Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI. | ||
| CVE-2018-14823 | Cri | 0.64 | 9.8 | 0.04 | Sep 26, 2018 | Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. | ||
| CVE-2018-14819 | Cri | 0.64 | 9.8 | 0.04 | Sep 26, 2018 | Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution. | ||
| CVE-2018-14817 | Cri | 0.64 | 9.8 | 0.04 | Sep 26, 2018 | Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution. | ||
| CVE-2018-14815 | Cri | 0.64 | 9.8 | 0.04 | Sep 26, 2018 | Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. | ||
| CVE-2018-14813 | Cri | 0.64 | 9.8 | 0.04 | Sep 26, 2018 | Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. | ||
| CVE-2018-14811 | Cri | 0.64 | 9.8 | 0.04 | Sep 26, 2018 | Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. | ||
| CVE-2018-14809 | Cri | 0.64 | 9.8 | 0.03 | Sep 26, 2018 | Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution. |
- risk 0.64cvss 9.8epss 0.04
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution.
- risk 0.64cvss 9.8epss 0.02
Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer.
- risk 0.64cvss 9.8epss 0.05
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device.
- risk 0.64cvss 9.8epss 0.02
A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI.
- risk 0.64cvss 9.8epss 0.02
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the…
- risk 0.64cvss 9.8epss 0.01
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary…
- risk 0.64cvss 9.8epss 0.05
Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server's JVM.
- risk 0.65cvss 9.8epss 0.13
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user…
- risk 0.64cvss 9.8epss 0.02
Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.
- risk 0.64cvss 9.8epss 0.03
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
- risk 0.64cvss 9.8epss 0.03
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
- risk 0.64cvss 9.8epss 0.03
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
- risk 0.64cvss 9.8epss 0.03
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
- risk 0.64cvss 9.8epss 0.03
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
- risk 0.64cvss 9.8epss 0.01
SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter.
- risk 0.64cvss 9.8epss 0.03
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and…
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter.
- risk 0.67cvss 9.8epss 0.03
An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation.
- risk 0.64cvss 9.8epss 0.02
CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file).
- risk 0.64cvss 9.8epss 0.03
CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information.
- risk 0.64cvss 9.8epss 0.09
A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.
- risk 0.64cvss 9.8epss 0.09
A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.
- risk 0.00cvss 9.8epss 0.02
utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.
- risk 0.00cvss 9.8epss 0.02
network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.
- risk 0.00cvss 9.8epss 0.02
utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.
- risk 0.64cvss 9.8epss 0.02
An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20.
- risk 0.59cvss 9.8epss 0.28
JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.
- risk 0.64cvss 9.8epss 0.02
In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request.
- risk 0.64cvss 9.8epss 0.02
Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI.
- risk 0.64cvss 9.8epss 0.04
Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
- risk 0.64cvss 9.8epss 0.04
Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution.
- risk 0.64cvss 9.8epss 0.04
Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution.
- risk 0.64cvss 9.8epss 0.04
Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution.
- risk 0.64cvss 9.8epss 0.04
Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.
- risk 0.64cvss 9.8epss 0.04
Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.
- risk 0.64cvss 9.8epss 0.03
Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution.