Total
317451 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9147 | 1 Mailvelope | 1 Mailvelope | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. As the settings page is intended to be accessible from web applications, the browser's extension isolation mechanisms are disabled (web_accessible_resources). Mailvelope implements additional measures to prevent web applications from directly embedding the settings page, but this mechanism can be bypassed. | |||||
| CVE-2019-9146 | 1 Jamf | 1 Self Service | 2024-11-21 | 7.9 HIGH | 7.5 HIGH |
| Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a root shell by leveraging the "publish Bash shell scripts" feature to insert "/Applications/Utilities/Terminal app/Contents/MacOS/Terminal" into the TCP data stream. | |||||
| CVE-2019-9145 | 1 Hsycms | 1 Hsycms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Hsycms V1.1. There is an XSS vulnerability via the name field to the /book page. | |||||
| CVE-2019-9144 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2019-9143 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2019-9142 | 1 B3log | 1 Symphony | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java. | |||||
| CVE-2019-9141 | 1 Imgtech | 1 Zoneplayer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for remote code execution. | |||||
| CVE-2019-9140 | 1 Happypointcard | 1 Happypoint | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a specific malicious URL. | |||||
| CVE-2019-9139 | 1 Datools | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2019-9138 | 1 Datools | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PhotoShop file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2019-9137 | 1 Hmtalk | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed Image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2019-9136 | 1 Datools | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed JPEG2000 format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2019-9135 | 1 Datools | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed DIB format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2019-9134 | 1 Solideos | 1 Architectural Information System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Architectural Information System 1.0 and earlier versions have a Stack-based buffer overflow, allows remote attackers to execute arbitrary code. | |||||
| CVE-2019-9133 | 3 Fedoraproject, Kmplayer, Microsoft | 3 Fedora, Kmplayer, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. | |||||
| CVE-2019-9132 | 2 Kakaocorp, Microsoft | 2 Kakaotalk, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Remote code execution vulnerability exists in KaKaoTalk PC messenger when user clicks specially crafted link in the message window. This affects KaKaoTalk windows version 2.7.5.2024 or lower. | |||||
| CVE-2019-9126 | 2 D-link, Dlink | 2 Dir-825 Rev.b Firmware, Dir-825 Rev.b | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vulnerability via requests for the router_info.xml document. This will reveal the PIN code, MAC address, routing table, firmware version, update time, QOS information, LAN information, and WLAN information of the device. | |||||
| CVE-2019-9125 | 2 D-link, Dlink | 2 Dir-878 Firmware, Dir-878 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header. | |||||
| CVE-2019-9124 | 2 D-link, Dlink | 2 Dir-878 Firmware, Dir-878 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in with a blank password. | |||||
| CVE-2019-9123 | 2 D-link, Dlink | 2 Dir-825 Rev.b Firmware, Dir-825 Rev.b | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password. | |||||