Search

Search Results (363079 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-7175 5 Canonical, Debian, Imagemagick and 2 more 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more 2024-11-21 7.5 High
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
CVE-2019-7174 1 Roxyfileman 1 Roxy Fileman 2024-11-21 N/A
Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations.
CVE-2019-7173 1 Croogo 1 Croogo 2024-11-21 N/A
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4.
CVE-2019-7172 1 Atutor 1 Atutor 2024-11-21 N/A
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.
CVE-2019-7171 1 Croogo 1 Croogo 2024-11-21 N/A
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.
CVE-2019-7170 1 Croogo 1 Croogo 2024-11-21 N/A
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.
CVE-2019-7169 1 Croogo 1 Croogo 2024-11-21 N/A
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.
CVE-2019-7168 1 Croogo 1 Croogo 2024-11-21 N/A
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.
CVE-2019-7167 1 Z.cash 1 Zcash 2024-11-21 N/A
Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction.
CVE-2019-7165 3 Debian, Dosbox, Fedoraproject 3 Debian Linux, Dosbox, Fedora 2024-11-21 N/A
A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code.
CVE-2019-7164 5 Debian, Opensuse, Oracle and 2 more 9 Debian Linux, Backports Sle, Leap and 6 more 2024-11-21 9.8 Critical
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
CVE-2019-7163 1 Tcl 2 Alcatel Linkzone, Alcatel Linkzone Firmware 2024-11-21 N/A
The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password.
CVE-2019-7160 1 Idreamsoft 1 Icms 2024-11-21 N/A
idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.
CVE-2019-7159 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 N/A
OX App Suite 7.10.1 and earlier allows Information Exposure.
CVE-2019-7158 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 N/A
OX App Suite 7.10.0 and earlier has Incorrect Access Control.
CVE-2019-7156 1 Libdoc Project 1 Libdoc 2024-11-21 N/A
In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero.
CVE-2019-7155 1 Gitlab 1 Gitlab 2024-11-21 N/A
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. A user retains their role within a project in a private group after being removed from the group, if their privileges within the project are different from the group.
CVE-2019-7154 1 Webassembly 1 Binaryen 2024-11-21 6.5 Medium
The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.
CVE-2019-7153 1 Webassembly 1 Binaryen 2024-11-21 6.5 Medium
A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.
CVE-2019-7152 1 Webassembly 1 Binaryen 2024-11-21 6.5 Medium
A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.