| 223981 | 9.8 | CRITICAL, Network | idreamsoft | icms | An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload. | CWE-89 SQL Injection | CVE-2019-17552 | 2024-11-21 13:32 | 2019-10-14 |
| 223982 | 9.8 | CRITICAL, Network | zzzcms | zzzphp | parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr. | CWE-94 Code Injection | CVE-2019-17408 | 2024-11-21 13:32 | 2019-10-14 |
| 223983 | 8.8 | HIGH, Network | imagemagick | imagemagick | In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. | CWE-416 Use After Free | CVE-2019-17547 | 2024-11-21 13:32 | 2019-10-14 |
| 223984 | 8.8 | HIGH, Network | libtiff, osgeo | libtiff, gdal | tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, rela… | CWE-787 Out-of-bounds Write, CWE-190 Integer Overflow or Wraparound | CVE-2019-17546 | 2024-11-21 13:32 | 2019-10-14 |
| 223985 | 9.8 | CRITICAL, Network | osgeo, oracle, debian, fedoraproject, opensuse | gdal, spatial_and_graph, debian_linux, fedora, leap, backports_sle | GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | CWE-415 Double Free | CVE-2019-17545 | 2024-11-21 13:32 | 2019-10-14 |
| 223986 | 9.1 | CRITICAL, Network | gnu, canonical | aspell, ubuntu_linux | libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. | CWE-125 Out-of-bounds Read | CVE-2019-17544 | 2024-11-21 13:32 | 2019-10-14 |
| 223987 | 8.1 | HIGH, Network | lz4_project | lz4 | LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead t… | CWE-787 Out-of-bounds Write | CVE-2019-17543 | 2024-11-21 13:32 | 2019-10-14 |
| 223988 | 9.8 | CRITICAL, Network | ffmpeg, canonical, debian | ffmpeg, ubuntu_linux, debian_linux | FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. | CWE-787 Out-of-bounds Write | CVE-2019-17542 | 2024-11-21 13:32 | 2019-10-14 |
| 223989 | 8.8 | HIGH, Network | imagemagick | imagemagick | ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. | CWE-416 Use After Free | CVE-2019-17541 | 2024-11-21 13:32 | 2019-10-14 |
| 223990 | 8.8 | HIGH, Network | imagemagick, debian | imagemagick, debian_linux | ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. | CWE-787 Out-of-bounds Write | CVE-2019-17540 | 2024-11-21 13:32 | 2019-10-14 |