National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 124,283 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-17547

In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.

Published: October 13, 2019; 10:15:11 PM -04:00
(not available)
CVE-2019-17546

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.

Published: October 13, 2019; 10:15:11 PM -04:00
(not available)
CVE-2019-17545

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

Published: October 13, 2019; 10:15:11 PM -04:00
(not available)
CVE-2019-17544

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.

Published: October 13, 2019; 10:15:10 PM -04:00
(not available)
CVE-2019-17543

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.)

Published: October 13, 2019; 10:15:10 PM -04:00
(not available)
CVE-2019-17542

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.

Published: October 13, 2019; 10:15:10 PM -04:00
(not available)
CVE-2019-17541

ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.

Published: October 13, 2019; 10:15:10 PM -04:00
(not available)
CVE-2019-17540

ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.

Published: October 13, 2019; 10:15:10 PM -04:00
(not available)
CVE-2019-17539

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.

Published: October 13, 2019; 10:15:10 PM -04:00
(not available)
CVE-2019-17501

Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen).

Published: October 13, 2019; 10:15:10 PM -04:00
(not available)
CVE-2019-17538

Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring.

Published: October 13, 2019; 03:15:09 PM -04:00
(not available)
CVE-2019-17537

Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring.

Published: October 13, 2019; 03:15:09 PM -04:00
(not available)
CVE-2019-17536

Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.

Published: October 13, 2019; 02:15:10 PM -04:00
(not available)
CVE-2019-17535

Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.

Published: October 13, 2019; 02:15:10 PM -04:00
(not available)
CVE-2019-17534

vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.

Published: October 12, 2019; 10:15:12 PM -04:00
(not available)
CVE-2019-17533

Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.

Published: October 12, 2019; 10:15:12 PM -04:00
(not available)
CVE-2019-17532

An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs.

Published: October 12, 2019; 05:15:08 PM -04:00
(not available)
CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.

Published: October 12, 2019; 05:15:08 PM -04:00
(not available)
CVE-2019-17530

An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp, when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.

Published: October 12, 2019; 04:15:11 PM -04:00
(not available)
CVE-2019-17529

An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.

Published: October 12, 2019; 04:15:11 PM -04:00
(not available)