| Page(s) : 1 ... 7 8 9 10 11 12 13 14 15 16 [17] 18 19 20 21 22 23 24 25 26 27 ... | Result(s) : 146082 |
Alerts
| Date | Name | Categories | Detail | |
|---|---|---|---|---|
| 5 | 2019-05-20 | CVE-2019-12214 | cve | In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, a... |
| 4.3 | 2019-05-20 | CVE-2019-12213 | cve | When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion. |
| 5 | 2019-05-20 | CVE-2019-12212 | cve | When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing st... |
| 5 | 2019-05-20 | CVE-2019-12211 | cve | When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of ... |
| 7.5 | 2019-05-20 | CVE-2019-12208 | cve | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. |
| 7.5 | 2019-05-20 | CVE-2019-12207 | cve | njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. |
| 7.5 | 2019-05-20 | CVE-2019-12206 | cve | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. |
| 5.8 | 2019-05-20 | CVE-2018-12270 | cve | In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web si... |
| 4.3 | 2019-05-20 | CVE-2019-11809 | cve | An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector. |
| 5 | 2019-05-20 | CVE-2019-12198 | cve | In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header. |
| 9 | 2019-05-19 | CVE-2019-12185 | cve | eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a... |
| 3.5 | 2019-05-19 | CVE-2019-12184 | cve | There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC att... |
| 6.8 | 2019-05-17 | CVE-2019-12173 | cve | MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138. |
| 7.2 | 2019-05-17 | CVE-2019-8339 | cve | An issue was discovered in Falco through 0.14.0. A missing indicator for insufficient resources allows local users to bypass the detection engine. |
| 6.8 | 2019-05-17 | CVE-2019-12172 | cve | Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux,... |
| 9 | 2019-05-17 | CVE-2019-12170 | cve | ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attack... |
| 9 | 2019-05-17 | CVE-2019-12168 | cve | Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen. |
| 5 | 2019-05-17 | CVE-2019-12163 | cve | GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via {} in a ws/gatshipWs.asmx/SqlVersion request. |
| 6.8 | 2019-05-17 | CVE-2019-11644 | cve | In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard an... |
| 4 | 2019-05-17 | CVE-2019-12161 | cve | WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168). |
| Page(s) : 1 ... 7 8 9 10 11 12 13 14 15 16 [17] 18 19 20 21 22 23 24 25 26 27 ... | Result(s) : 146082 |
