|
221111
|
7.8 |
HIGH
Local
|
xnview
|
xnview_mp
|
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-9965
|
2024-11-21 13:52 |
2019-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221112
|
7.8 |
HIGH
Local
|
xnview
|
xnview_mp
|
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporary…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-9964
|
2024-11-21 13:52 |
2019-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221113
|
7.8 |
HIGH
Local
|
xnview
|
xnview_mp
|
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-9963
|
2024-11-21 13:52 |
2019-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221114
|
7.8 |
HIGH
Local
|
xnview
|
xnview_mp
|
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-9962
|
2024-11-21 13:52 |
2019-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221115
|
9.8 |
CRITICAL
Network
|
limesurvey
|
limesurvey
|
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.
|
CWE-22
Path Traversal
|
CVE-2019-9960
|
2024-11-21 13:52 |
2019-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221116
|
8.8 |
HIGH
Network
|
imagemagick
debian
|
imagemagick
debian_linux
|
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted i…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-9956
|
2024-11-21 13:52 |
2019-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221117
|
9.1 |
CRITICAL
Network
|
python
opensuse
debian
fedoraproject
canonical
redhat
|
python
leap
debian_linux
fedora
ubuntu_linux
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_eus
enterprise_linux_tus
ente…
|
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggerin…
|
CWE-22
Path Traversal
|
CVE-2019-9948
|
2024-11-21 13:52 |
2019-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221118
|
6.1 |
MEDIUM
Network
|
python
|
python
|
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the fir…
|
CWE-93
CRLF Injection
|
CVE-2019-9947
|
2024-11-21 13:52 |
2019-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221119
|
9.8 |
CRITICAL
Network
|
softnas
|
cloud
|
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login pa…
|
NVD-CWE-noinfo
|
CVE-2019-9945
|
2024-11-21 13:52 |
2019-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221120
|
3.7 |
LOW
Network
|
symfony
debian
|
twig
debian_linux
|
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed b…
|
NVD-CWE-noinfo
|
CVE-2019-9942
|
2024-11-21 13:52 |
2019-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
