|
213501
|
5.5 |
MEDIUM
Local
|
foxitsoftware
|
3d
|
An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Write and crash during the handling of certain PDF…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-6982
|
2024-11-21 13:47 |
2019-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213502
|
6.1 |
MEDIUM
Network
|
ip_history_logs_project
|
ip_history_logs
|
An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the admin/modules/tools/ip_history_logs.php useragent field.
|
CWE-79
Cross-site Scripting
|
CVE-2019-6979
|
2024-11-21 13:47 |
2019-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213503
|
9.8 |
CRITICAL
Network
|
libgd
debian
canonical
|
libgd
debian_linux
ubuntu_linux
|
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
|
CWE-415
Double Free
|
CVE-2019-6978
|
2024-11-21 13:47 |
2019-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213504
|
8.8 |
HIGH
Network
|
libgd
php
debian
canonical
netapp
|
libgd
php
debian_linux
ubuntu_linux
storage_automation_store
|
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x bef…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-6977
|
2024-11-21 13:47 |
2019-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213505
|
5.3 |
MEDIUM
Network
|
libvips
|
libvips
|
libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can resul…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2019-6976
|
2024-11-21 13:47 |
2019-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213506
|
5.9 |
MEDIUM
Network
|
phpmyadmin
debian
|
phpmyadmin
debian_linux
|
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the serv…
|
NVD-CWE-noinfo
|
CVE-2019-6799
|
2024-11-21 13:47 |
2019-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213507
|
9.8 |
CRITICAL
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
|
CWE-89
SQL Injection
|
CVE-2019-6798
|
2024-11-21 13:47 |
2019-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213508
|
6.5 |
MEDIUM
Network
|
axiosys
|
bento4
|
An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-6966
|
2024-11-21 13:47 |
2019-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213509
|
7.1 |
HIGH
Local
|
audiocoding
debian
|
freeware_advanced_audio_decoder_2
debian_linux
|
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-6956
|
2024-11-21 13:47 |
2019-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213510
|
9.8 |
CRITICAL
Network
|
s-cms
|
s-cms
|
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.
|
CWE-89
SQL Injection
|
CVE-2019-6805
|
2024-11-21 13:47 |
2019-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
