stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.