• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-22

CVE-2019-10167

February 26, 2023 by

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an “emulatorbin” argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain’s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.

CVE-2019-10168

February 26, 2023 by

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an “emulator” argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain’s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.

CVE-2019-1010257

February 26, 2023 by

An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf WordPress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file’s path leading to any PDF whose path is known and which is readable to the web server can be downloaded. The file will be deleted after download if the web server has permission to do so. For PHP versions before 5.3, any file can be read by null terminating the string left of the file extension.

CVE-2019-1010151

February 26, 2023 by

zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php.

CVE-2019-1010205

February 26, 2023 by

LINAGORA hublin latest (commit 72ead897082403126bf8df9264e70f0a9de247ff) is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file (with a fixed extension) on the server. The component is: A web-view renderer; details here: https://lgtm.com/projects/g/linagora/hublin/snapshot/af9f1ce253b4ee923ff8da8f9d908d02a8e95b7f/files/backend/webserver/views.js?sort=name&dir=ASC&mode=heatmap&showExcluded=false#xb24eb0101d2aec21:1. The attack vector is: Attacker sends a specially crafted HTTP request.

CVE-2019-10038

February 26, 2023 by

Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 318
  • Go to page 319
  • Go to page 320
  • Go to page 321
  • Go to page 322
  • Interim pages omitted …
  • Go to page 514
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE