NVD: fully analyzed CVE

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 1 hour 7 minutes ago
September 16, 2019

CVE-2019-8368 (openemr)

OpenEMR v5.0.1-6 allows XSS.
September 16, 2019

CVE-2019-8371 (openemr)

OpenEMR v5.0.1-6 allows code execution.
September 16, 2019

CVE-2016-10973 (brafton)

The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.
September 16, 2019

CVE-2016-10972 (newspaper)

The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.
September 16, 2019

CVE-2019-16350 (ffjpeg)

ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c.
September 16, 2019

CVE-2019-16351 (ffjpeg)

ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c.
September 16, 2019

CVE-2019-16352 (ffjpeg)

ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c.
September 16, 2019

CVE-2016-10969 (supportflow)

The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title.
September 16, 2019

CVE-2016-10970 (supportflow)

The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt.
September 16, 2019

CVE-2019-16346 (ngiflib)

ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
September 16, 2019

CVE-2019-16347 (ngiflib)

ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
September 16, 2019

CVE-2019-16348 (libwav)

marc-q libwav through 2019-08-15 has a NULL pointer dereference in gain_file() at wav_gain.c.
September 16, 2019

CVE-2016-10958 (estatik)

The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php.
September 16, 2019

CVE-2016-10959 (estatik)

The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.
September 16, 2019

CVE-2016-10961 (colorway)

The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter.
September 16, 2019

CVE-2016-10962 (icegram)

The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.
September 16, 2019

CVE-2016-10963 (icegram)

The icegram plugin before 1.9.19 for WordPress has XSS.
September 16, 2019

CVE-2016-10956 (mail-masta)

The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
September 16, 2019

CVE-2017-18634 (newspaper)

The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.
September 16, 2019

CVE-2019-16057 (dns-320_firmware)

The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.