|
224141
|
8.1 |
HIGH
Network
|
libsdl
opensuse
debian
fedoraproject
canonical
|
simple_directmedia_layer
leap
debian_linux
fedora
ubuntu_linux
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-7636
|
2024-11-21 13:48 |
2019-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224142
|
8.1 |
HIGH
Network
|
libsdl
opensuse
debian
fedoraproject
canonical
|
simple_directmedia_layer
leap
backports_sle
debian_linux
fedora
ubuntu_linux
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-7635
|
2024-11-21 13:48 |
2019-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224143
|
8.8 |
HIGH
Network
|
lifesize
|
team_220_firmware
passport_220_firmware
networker_220_firmware
room_220_firmware
|
LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The li…
|
CWE-78
OS Command
|
CVE-2019-7632
|
2024-11-21 13:48 |
2019-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224144
|
5.9 |
MEDIUM
Network
|
redhat
|
pagure
|
Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on be…
|
CWE-200
Information Exposure
|
CVE-2019-7628
|
2024-11-21 13:48 |
2019-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224145
|
9.8 |
CRITICAL
Network
|
nginx
|
unit
|
NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process cr…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-7401
|
2024-11-21 13:48 |
2019-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224146
|
9.8 |
CRITICAL
Network
|
bo-blog
|
bw
|
Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function.
|
CWE-89
SQL Injection
|
CVE-2019-7587
|
2024-11-21 13:48 |
2019-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224147
|
9.8 |
CRITICAL
Network
|
bijiadao
|
waimai_super_cms
|
An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI.
|
CWE-89
SQL Injection
|
CVE-2019-7585
|
2024-11-21 13:48 |
2019-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224148
|
8.8 |
HIGH
Network
|
libming
|
libming
|
The readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-7582
|
2024-11-21 13:48 |
2019-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224149
|
8.8 |
HIGH
Network
|
libming
|
libming
|
The parseSWF_ACTIONRECORD function in util/parser.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure, a dif…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-7581
|
2024-11-21 13:48 |
2019-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224150
|
8.8 |
HIGH
Network
|
thinkcmf
|
thinkcmf
|
ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/co…
|
CWE-94
Code Injection
|
CVE-2019-7580
|
2024-11-21 13:48 |
2019-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
