Search Results (323561 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-6983 2 Foxitsoftware, Microsoft 2 3d, Windows 2024-11-21 N/A
An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Integer Overflow and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of a free of valid memory.
CVE-2019-6982 2 Foxitsoftware, Microsoft 2 3d, Windows 2024-11-21 N/A
An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Write and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of the improper handling of a logic exception in the IFXASSERT function.
CVE-2019-6981 1 Synacor 1 Zimbra Collaboration Suite 2024-11-21 N/A
Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.
CVE-2019-6980 1 Synacor 1 Zimbra Collaboration Suite 2024-11-21 N/A
Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component.
CVE-2019-6979 1 Ip History Logs Project 1 Ip History Logs 2024-11-21 N/A
An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the admin/modules/tools/ip_history_logs.php useragent field.
CVE-2019-6978 4 Canonical, Debian, Libgd and 1 more 4 Ubuntu Linux, Debian Linux, Libgd and 1 more 2024-11-21 N/A
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
CVE-2019-6977 6 Canonical, Debian, Libgd and 3 more 7 Ubuntu Linux, Debian Linux, Libgd and 4 more 2024-11-21 N/A
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
CVE-2019-6976 1 Libvips 1 Libvips 2024-11-21 N/A
libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image.
CVE-2019-6975 3 Canonical, Djangoproject, Fedoraproject 3 Ubuntu Linux, Django, Fedora 2024-11-21 N/A
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
CVE-2019-6974 5 Canonical, Debian, F5 and 2 more 29 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 26 more 2024-11-21 8.1 High
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVE-2019-6973 2 Genivia, Sricam 16 Gsoap, Nvs001, Sh016 and 13 more 2024-11-21 N/A
Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.
CVE-2019-6972 1 Tp-link 2 Tl-wr1043nd, Tl-wr1043nd Firmware 2024-11-21 N/A
An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding and base64, leading to easy decoding. Also, the username is cleartext, and the password is hashed with the MD5 algorithm (after decoding of the URL encoded string with base64).
CVE-2019-6971 1 Tp-link 2 Tl-wr1043nd, Tl-wr1043nd Firmware 2024-11-21 N/A
An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials.
CVE-2019-6969 1 Dlink 2 Dva-5592, Dva-5592 Firmware 2024-11-21 7.5 High
The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and the phone number (if VoIP is in use).
CVE-2019-6968 1 Dlink 2 Dva-5592, Dva-5592 Firmware 2024-11-21 6.1 Medium
The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected.
CVE-2019-6967 1 Airties 2 Air 5341, Air 5341 Firmware 2024-11-21 N/A
AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.
CVE-2019-6966 1 Axiosys 1 Bento4 2024-11-21 N/A
An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls.
CVE-2019-6965 1 I-doit 1 I-doit 2024-11-21 N/A
An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter.
CVE-2019-6964 1 Rdkcentral 1 Rdkb Ccsppandm 2024-11-21 N/A
A heap-based buffer over-read in Service_SetParamStringValue in cosa_x_cisco_com_ddns_dml.c of the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve information disclosure and code execution by crafting an AJAX call responsible for DDNS configuration with an exactly 64-byte username, password, or domain, for which the buffer size is insufficient for the final '\0' character. This is related to the CcspCommonLibrary and WebUI modules.
CVE-2019-6963 1 Rdkcentral 1 Rdkb Ccsppandm 2024-11-21 N/A
A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in the "Comment" field of an IP reservation form in the admin panel. This is related to the CcspCommonLibrary module.