Rgod

Name of the Vulnerable Software and Affected Versions: Oxford Instruments Imaris Viewer (affected versions not specified) Description: The software contains a remote code execution issue due to an uninitialized pointer during IMS file parsing. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oxford Instruments Imaris Viewer (affected versions not specified) Description: The software contains an out-of-bounds write flaw in the IMS file parsing functionality, potentially leading to remote code execution. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Marvell QConvergeConsole (affected versions not specified) **Description** This issue allows remote attackers to disclose sensitive information or create a denial-of-service condition on affected installations. Authentication is not required to exploit this issue. The flaw exists within the implementation of the `compressConfigFiles` method due to a lack of proper validation of a user-supplied path prior to its use in file operations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole (affected versions not specified) Description: The issue is related to a directory traversal information disclosure problem. It affects the restoreESwitchConfig functionality. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole (affected versions not specified) Description: The issue is related to a directory traversal information disclosure vulnerability in the compressDriverFiles component of Marvell QConvergeConsole. This allows for potential information disclosure. The estimated number of potentially affected devices and details about real-world incidents are not provided. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole (affected versions not specified) Description: The issue concerns a directory traversal arbitrary file deletion vulnerability in the deleteEventLogFile function of Marvell QConvergeConsole. This allows for the deletion of arbitrary files. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole (affected versions not specified) Description: The issue is related to a directory traversal information disclosure vulnerability in the getFileUploadBytes function. This allows for potential information disclosure. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole (affected versions not specified) Description: This issue allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole without requiring authentication. The flaw exists within the implementation of the `saveNICParamsToFile` method due to the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to write files in the context of SYSTEM. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole (affected versions not specified) Description: The issue is related to a directory traversal information disclosure problem. It is described as a 0-day vulnerability, indicating that it is a previously unknown issue. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole (affected versions not specified) Description: This issue allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole without requiring authentication. The flaw exists within the implementation of the `deleteAppFile` method due to the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to delete files in the context of SYSTEM. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole (affected versions not specified) Description: The issue is related to a directory traversal information disclosure vulnerability in the getFileUploadSize function. This allows for potential information disclosure. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole (affected versions not specified) Description: This issue allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. The specific flaw exists within the implementation of the `getFileFromURL` method, which lacks proper validation of user-supplied data. This allows the upload of arbitrary files, enabling an attacker to execute code in the context of SYSTEM. Authentication is not required to exploit this issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the `getFileFromURL` method until a patch is available. Restrict access to the `getFileFromURL` method to minimize the risk of exploitation. Avoid using the `getFileFromURL` method in affected installations until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole (affected versions not specified) Description: The issue is related to a directory traversal remote code execution vulnerability in the saveAsText function. This allows for potential remote code execution. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole (affected versions not specified) Description: The issue is related to a directory traversal information disclosure vulnerability in the compressFirmwareDumpFiles functionality. This vulnerability allows for the potential disclosure of sensitive information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole (affected versions not specified) Description: The issue is related to a directory traversal information disclosure vulnerability in the getFileUploadBytes function. This allows for potential information disclosure. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole (affected versions not specified) Description: The issue is related to a directory traversal information disclosure problem in the getDriverTmpPath function. This allows for the potential disclosure of sensitive information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole (affected versions not specified) Description: The issue concerns a directory traversal vulnerability in the QLogicDownloadImpl component of Marvell QConvergeConsole, allowing for arbitrary file deletion and information disclosure. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: IrfanView CADImage Plugin (affected versions not specified) Description: The issue resides in the CADImage plugin for IrfanView, a graphics, video, and audio file viewer and player. The vulnerability is an out-of-bounds write in memory when parsing DWG files. Successful exploitation could allow an attacker to execute arbitrary code using specially crafted DWG files. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** IrfanView CADImage Plugin (affected versions not specified) **Description:** The IrfanView CADImage plugin contains a buffer overflow issue during DWG file parsing. Successful exploitation of this issue could allow an attacker to execute arbitrary code through a specially crafted DWG file. **Recommendations:** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ashlar-Vellum Cobalt (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files and results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.