Vulnerabilities (CVE)

Yack CVE helps teams search and track vulnerabilities.

TOTAL
358,413 CVE
CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-8407
1Hongcms Project
1Hongcms
Jun 17, 2026
Feb 17, 2019
N/A· v4
6.5 MEDIUM· v3
5.5 MEDIUM· v2
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.
CVE-2019-8404
1Webiness Inventory Project
1Webiness Inventory
Jun 17, 2026
May 14, 2019
N/A· v4
6.5 MEDIUM· v3
5.5 MEDIUM· v2
An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted product image during the creation of a new product. Consequently, an attacker can steal information...Show more
An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted product image during the creation of a new product. Consequently, an attacker can steal information from the site with the help of an installed executable file, or change the contents of pages.Show less
CVE-2019-8400
1Ory
1Hydra
Jun 17, 2026
Feb 17, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter.
CVE-2019-8398
1Hdfgroup
1Hdf5
Jun 17, 2026
Feb 17, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.
CVE-2019-8397
1Hdfgroup
1Hdf5
Jun 17, 2026
Feb 17, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c.
CVE-2019-8396
1Hdfgroup
1Hdf5
Jun 17, 2026
Feb 17, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file,...Show more
A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."Show less
CVE-2019-8395
1Zohocorp
1Manageengine Servicedesk Plus
Jun 17, 2026
Feb 17, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
CVE-2019-8394
1Zohocorp
1Manageengine Servicedesk Plus
Jun 17, 2026
Feb 17, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
CVE-2019-8393
1Hotels Server Project
1Hotels Server
Jun 17, 2026
Feb 17, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.
CVE-2019-8392
1Dlink
1Dir 823g Firmware
Jun 17, 2026
Feb 17, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provide...Show more
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead.Show less
CVE-2019-8391
1Qdpm
1Qdpm
Jun 17, 2026
May 14, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?type=[XSS] parameter.
CVE-2019-8390
1Qdpm
1Qdpm
Jun 17, 2026
May 14, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.
CVE-2019-8389
1Musicloud Project
1Musicloud
Jun 17, 2026
Feb 17, 2019
N/A· v4
8.1 HIGH· v3
4.8 MEDIUM· v2
A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can...Show more
A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) to the download.script endpoint. This will create a MusicPlayerArchive.zip archive that is publicly accessible and includes the content of any requested file (such as the /etc/passwd file).Show less
CVE-2019-8387
1Barni
1Master Ip Camera01 Firmware
Jun 17, 2026
May 8, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component.
CVE-2019-8385
1Thomsonreuters
2Concourse Matter Room
Firm Central Desktop
Jun 17, 2026
Jun 5, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop....Show more
An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution.Show less
CVE-2019-8383
4Advancemame
DebianFedoraproject+1 more
6Advancecomp
Debian LinuxEnterprise Linux For Power Little Endian+3 more
Jun 17, 2026
Feb 17, 2019
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to ca...Show more
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.Show less
CVE-2019-8382
1Axiosys
1Bento4
Jun 17, 2026
Feb 17, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to...Show more
An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.Show less
CVE-2019-8381
2Broadcom
Fedoraproject
2Fedora
Tcpreplay
Jun 17, 2026
Feb 17, 2019
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a...Show more
An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.Show less
CVE-2019-8380
1Axiosys
1Bento4
Jun 17, 2026
Feb 17, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in AP4_Track::GetSampleIndexForTimeStampMs() located in Core/Ap4Track.cpp. It can triggered by sending a crafted file to the mp4audioclip bin...Show more
An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in AP4_Track::GetSampleIndexForTimeStampMs() located in Core/Ap4Track.cpp. It can triggered by sending a crafted file to the mp4audioclip binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.Show less
CVE-2019-8379
4Advancemame
DebianFedoraproject+1 more
6Advancecomp
Debian LinuxEnterprise Linux For Power Little Endian+3 more
Jun 17, 2026
Feb 17, 2019
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attack...Show more
An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.Show less
CVE-2019-8378
1Axiosys
1Bento4
Jun 17, 2026
Feb 17, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over-read exists in AP4_BitStream::ReadBytes() in Codecs/Ap4BitStream.cpp, a similar issue to CVE-2017-14645. It can be triggered by sending a crafted file...Show more
An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over-read exists in AP4_BitStream::ReadBytes() in Codecs/Ap4BitStream.cpp, a similar issue to CVE-2017-14645. It can be triggered by sending a crafted file to the aac2mp4 binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.Show less
CVE-2019-8377
2Broadcom
Fedoraproject
2Fedora
Tcpreplay
Jun 17, 2026
Feb 17, 2019
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It a...Show more
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.Show less
CVE-2019-8376
2Broadcom
Fedoraproject
2Fedora
Tcpreplay
Jun 17, 2026
Feb 17, 2019
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allo...Show more
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.Show less
CVE-2019-8375
3Canonical
OpensuseWebkitgtk
3Leap
Ubuntu LinuxWebkitgtk
Jun 17, 2026
Feb 24, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote atta...Show more
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).Show less
CVE-2019-8372
1Lg
1Lha.sys
Jun 17, 2026
Feb 18, 2019
N/A· v4
7.0 HIGH· v3
6.9 MEDIUM· v2
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system priv...Show more
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.Show less