|
218421
|
8.8 |
HIGH
Network
|
libgd
php
debian
canonical
netapp
|
libgd
php
debian_linux
ubuntu_linux
storage_automation_store
|
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x bef…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-6977
|
2024-11-21 13:47 |
2019-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218422
|
5.3 |
MEDIUM
Network
|
libvips
|
libvips
|
libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can resul…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2019-6976
|
2024-11-21 13:47 |
2019-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218423
|
5.9 |
MEDIUM
Network
|
phpmyadmin
debian
|
phpmyadmin
debian_linux
|
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the serv…
|
NVD-CWE-noinfo
|
CVE-2019-6799
|
2024-11-21 13:47 |
2019-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218424
|
9.8 |
CRITICAL
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
|
CWE-89
SQL Injection
|
CVE-2019-6798
|
2024-11-21 13:47 |
2019-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218425
|
6.5 |
MEDIUM
Network
|
axiosys
|
bento4
|
An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-6966
|
2024-11-21 13:47 |
2019-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218426
|
7.1 |
HIGH
Local
|
audiocoding
debian
|
freeware_advanced_audio_decoder_2
debian_linux
|
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-6956
|
2024-11-21 13:47 |
2019-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218427
|
9.8 |
CRITICAL
Network
|
s-cms
|
s-cms
|
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.
|
CWE-89
SQL Injection
|
CVE-2019-6805
|
2024-11-21 13:47 |
2019-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218428
|
6.1 |
MEDIUM
Network
|
pagerduty
|
rundeck
|
An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.
|
CWE-79
Cross-site Scripting
|
CVE-2019-6804
|
2024-11-21 13:47 |
2019-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218429
|
6.1 |
MEDIUM
Network
|
typora
|
typora
|
typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar.
|
CWE-79
Cross-site Scripting
|
CVE-2019-6803
|
2024-11-21 13:47 |
2019-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218430
|
6.1 |
MEDIUM
Network
|
python
|
pypiserver
|
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.
|
CWE-79
CWE-74
Cross-site Scripting
Injection
|
CVE-2019-6802
|
2024-11-21 13:47 |
2019-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
