CVE-2019-18936
UniValue::read() in UniValue before 1.0.5 allows attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error.
Source: CVE-2019-18936
CVE-2013-7487
On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, the raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000.
Source: CVE-2013-7487
CVE-2019-12767
An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands.
Source: CVE-2019-12767
CVE-2020-10799
The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call.
Source: CVE-2020-10799
CVE-2019-11574
An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls.
Source: CVE-2019-11574
CVE-2020-8139
A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL.
Source: CVE-2020-8139
CVE-2020-8138
A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL.
Source: CVE-2020-8138
CVE-2020-8140
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed arbitrary code to be loaded when starting the client with DYLD_INSERT_LIBRARIES set in the environment.
Source: CVE-2020-8140
CVE-2020-10194
cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request.
Source: CVE-2020-10194
CVE-2019-18860
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
Source: CVE-2019-18860