Search Results (83398 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-6988 1 Uclouvain 1 Openjpeg 2024-11-21 N/A
An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.
CVE-2019-6986 1 Duraspace 1 Vitro 2024-11-21 N/A
SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request.
CVE-2019-6982 2 Foxitsoftware, Microsoft 2 3d, Windows 2024-11-21 N/A
An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Write and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of the improper handling of a logic exception in the IFXASSERT function.
CVE-2019-6979 1 Ip History Logs Project 1 Ip History Logs 2024-11-21 N/A
An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the admin/modules/tools/ip_history_logs.php useragent field.
CVE-2019-6977 6 Canonical, Debian, Libgd and 3 more 7 Ubuntu Linux, Debian Linux, Libgd and 4 more 2024-11-21 N/A
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
CVE-2019-6975 3 Canonical, Djangoproject, Fedoraproject 3 Ubuntu Linux, Django, Fedora 2024-11-21 N/A
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
CVE-2019-6969 1 Dlink 2 Dva-5592, Dva-5592 Firmware 2024-11-21 7.5 High
The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and the phone number (if VoIP is in use).
CVE-2019-6968 1 Dlink 2 Dva-5592, Dva-5592 Firmware 2024-11-21 6.1 Medium
The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected.
CVE-2019-6966 1 Axiosys 1 Bento4 2024-11-21 N/A
An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls.
CVE-2019-6965 1 I-doit 1 I-doit 2024-11-21 N/A
An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter.
CVE-2019-6963 1 Rdkcentral 1 Rdkb Ccsppandm 2024-11-21 N/A
A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in the "Comment" field of an IP reservation form in the admin panel. This is related to the CcspCommonLibrary module.
CVE-2019-6962 1 Rdkcentral 1 Rdkb Ccsppandm 2024-11-21 N/A
A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is conducted by changing the Wi-Fi network password to include crafted escape characters. This is related to the WebUI module.
CVE-2019-6957 1 Bosch 18 Access Easy Controller, Access Easy Controller Firmware, Access Professional Edition and 15 more 2024-11-21 9.8 Critical
A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface.
CVE-2019-6859 1 Schneider-electric 20 140 Cpu6x, 140 Cpu6x Firmware, 140 Noc 77101 and 17 more 2024-11-21 7.5 High
A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
CVE-2019-6853 1 Schneider-electric 22 Andover Continuum 5720, Andover Continuum 5720 Firmware, Andover Continuum 5740 and 19 more 2024-11-21 6.1 Medium
A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.
CVE-2019-6848 1 Schneider-electric 6 Modicon Bmenoc 0311, Modicon Bmenoc 0311 Firmware, Modicon Bmenoc 0321 and 3 more 2024-11-21 8.6 High
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module.
CVE-2019-6847 1 Schneider-electric 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more 2024-11-21 4.9 Medium
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol.
CVE-2019-6844 1 Schneider-electric 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more 2024-11-21 4.9 Medium
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol.
CVE-2019-6843 1 Schneider-electric 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more 2024-11-21 4.9 Medium
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol.
CVE-2019-6842 1 Schneider-electric 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more 2024-11-21 4.9 Medium
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol.