|
213671
|
9.8 |
CRITICAL
Network
|
libgd
debian
canonical
|
libgd
debian_linux
ubuntu_linux
|
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
|
CWE-415
Double Free
|
CVE-2019-6978
|
2024-11-21 13:47 |
2019-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213672
|
8.8 |
HIGH
Network
|
libgd
php
debian
canonical
netapp
|
libgd
php
debian_linux
ubuntu_linux
storage_automation_store
|
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x bef…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-6977
|
2024-11-21 13:47 |
2019-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213673
|
5.3 |
MEDIUM
Network
|
libvips
|
libvips
|
libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can resul…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2019-6976
|
2024-11-21 13:47 |
2019-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213674
|
5.9 |
MEDIUM
Network
|
phpmyadmin
debian
|
phpmyadmin
debian_linux
|
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the serv…
|
NVD-CWE-noinfo
|
CVE-2019-6799
|
2024-11-21 13:47 |
2019-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213675
|
9.8 |
CRITICAL
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
|
CWE-89
SQL Injection
|
CVE-2019-6798
|
2024-11-21 13:47 |
2019-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213676
|
6.5 |
MEDIUM
Network
|
axiosys
|
bento4
|
An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-6966
|
2024-11-21 13:47 |
2019-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213677
|
7.1 |
HIGH
Local
|
audiocoding
debian
|
freeware_advanced_audio_decoder_2
debian_linux
|
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-6956
|
2024-11-21 13:47 |
2019-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213678
|
9.8 |
CRITICAL
Network
|
s-cms
|
s-cms
|
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.
|
CWE-89
SQL Injection
|
CVE-2019-6805
|
2024-11-21 13:47 |
2019-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213679
|
6.1 |
MEDIUM
Network
|
pagerduty
|
rundeck
|
An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.
|
CWE-79
Cross-site Scripting
|
CVE-2019-6804
|
2024-11-21 13:47 |
2019-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213680
|
6.1 |
MEDIUM
Network
|
typora
|
typora
|
typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar.
|
CWE-79
Cross-site Scripting
|
CVE-2019-6803
|
2024-11-21 13:47 |
2019-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
