|
223061
|
6.5 |
MEDIUM
Network
|
imagemagick
opensuse
|
imagemagick
leap
|
ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-13296
|
2024-11-21 13:24 |
2019-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223062
|
8.8 |
HIGH
Network
|
imagemagick
debian
opensuse
canonical
|
imagemagick
debian_linux
leap
ubuntu_linux
|
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-13295
|
2024-11-21 13:24 |
2019-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223063
|
9.8 |
CRITICAL
Network
|
arox
|
school-erp
|
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.
|
CWE-287
CWE-434
Improper Authentication
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-13294
|
2024-11-21 13:24 |
2019-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223064
|
9.8 |
CRITICAL
Network
|
weberp
|
weberp
|
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a S…
|
CWE-89
SQL Injection
|
CVE-2019-13292
|
2024-11-21 13:24 |
2019-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223065
|
5.5 |
MEDIUM
Local
|
glyphandcog
|
xpdfreader
|
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops …
|
CWE-125
Out-of-bounds Read
|
CVE-2019-13291
|
2024-11-21 13:24 |
2019-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223066
|
7.8 |
HIGH
Local
|
artifex
|
mupdf
|
Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs …
|
CWE-787
Out-of-bounds Write
|
CVE-2019-13290
|
2024-11-21 13:24 |
2019-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223067
|
7.8 |
HIGH
Local
|
glyphandcog
|
xpdfreader
|
In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdf…
|
CWE-416
Use After Free
|
CVE-2019-13289
|
2024-11-21 13:24 |
2019-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223068
|
5.5 |
MEDIUM
Local
|
glyphandcog
|
xpdfreader
|
In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.
|
CWE-674
Uncontrolled Recursion
|
CVE-2019-13288
|
2024-11-21 13:24 |
2019-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223069
|
5.5 |
MEDIUM
Local
|
glyphandcog
|
xpdfreader
|
In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF …
|
CWE-125
Out-of-bounds Read
|
CVE-2019-13287
|
2024-11-21 13:24 |
2019-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223070
|
5.5 |
MEDIUM
Local
|
glyphandcog
fedoraproject
|
xpdfreader
fedora
|
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-13286
|
2024-11-21 13:24 |
2019-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
