|
210921
|
7.8 |
HIGH
Local
|
xnview
|
xnview_mp
|
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-9962
|
2024-11-21 13:52 |
2019-03-24 |
|
210922
|
9.8 |
CRITICAL
Network
|
limesurvey
|
limesurvey
|
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.
|
CWE-22
Path Traversal
|
CVE-2019-9960
|
2024-11-21 13:52 |
2019-03-24 |
|
210923
|
8.8 |
HIGH
Network
|
imagemagick debian
|
imagemagick debian_linux
|
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted i…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-9956
|
2024-11-21 13:52 |
2019-03-24 |
|
210924
|
9.1 |
CRITICAL
Network
|
python opensuse debian fedoraproject canonical redhat
|
python leap debian_linux fedora ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_eus enterprise_linux_tus ente…
|
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggerin…
|
CWE-22
Path Traversal
|
CVE-2019-9948
|
2024-11-21 13:52 |
2019-03-24 |
|
210925
|
6.1 |
MEDIUM
Network
|
python
|
python
|
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the fir…
|
CWE-93
CRLF Injection
|
CVE-2019-9947
|
2024-11-21 13:52 |
2019-03-24 |
|
210926
|
9.8 |
CRITICAL
Network
|
softnas
|
cloud
|
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login pa…
|
NVD-CWE-noinfo
|
CVE-2019-9945
|
2024-11-21 13:52 |
2019-03-24 |
|
210927
|
3.7 |
LOW
Network
|
symfony debian
|
twig debian_linux
|
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed b…
|
NVD-CWE-noinfo
|
CVE-2019-9942
|
2024-11-21 13:52 |
2019-03-24 |
|
210928
|
5.3 |
MEDIUM
Network
|
coreftp
|
core_ftp
|
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the ro…
|
CWE-22
Path Traversal
|
CVE-2019-9649
|
2024-11-21 13:52 |
2019-03-23 |
|
210929
|
5.3 |
MEDIUM
Network
|
coreftp
|
core_ftp
|
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker …
|
CWE-22
Path Traversal
|
CVE-2019-9648
|
2024-11-21 13:52 |
2019-03-23 |
|
210930
|
8.8 |
HIGH
Adjacent
|
ushareit
|
shareit
|
The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to …
|
NVD-CWE-noinfo
|
CVE-2019-9939
|
2024-11-21 13:52 |
2019-03-22 |