Artiva Agency Single Sign-On(SSO)feature checks only the local Windows login name which could allow an attacker to impersonate another Artiva Agency user.
PaperThin CommonSpot contains multiple vulnerabilities,which may allow an unauthenticated remote attacker to execute arbitrary code on the server.
PivotX 2.3.8,and possibly earlier versions,contains cross-site scripting(CWE-79)and unsafe file upload(CWE-434)vulnerabilities.
AMTELCO miSecureMessages Server Release 6.2 performs weak authentication for access to user messages(CWE-287).
Fortinet FortiADC D-series 3.2.0,and possibly earlier versions,contains a cross-site scripting vulnerability. (CWE-79)
ZyXEL Wireless N300 NetUSB Router NBG-419N running firmware version 1.00(BFQ.6)C0,and possibly earlier versions,is susceptible to multiple vulnerabilities. Other device models that use similar firmware may also be vulnerable.
The Microsoft Office file format converter contains a memory corruption vulnerability,which may allow a remote,unauthenticated attacker to execute arbitrary code with the privileges of the user.
OpenSSL 1.0.1 and 1.0.2 beta contain a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as"heartbleed."
Zyxel P660 series modem/router contains a denial of service vulnerability when parsing a high volume of SYN packets on the web management interface.
ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities.
WatchGuard Fireware XTM 11.8.1,and possibly earlier versions,contains a cross-site scripting vulnerability.
Huawei E355 USB WiFi adapter with firmware version:21.157.37.01.910 has been reported to contain a direct request vulnerability in the web interface. (CWE-425)