GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.
In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. Rated medium severity (CVSS 6.7). No vendor patch available.
In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. Rated medium severity (CVSS 4.7). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.