|
222381
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a cer…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-20812
|
2024-11-21 13:39 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222382
|
5.5 |
MEDIUM
Local
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
|
NVD-CWE-Other
|
CVE-2019-20811
|
2024-11-21 13:39 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222383
|
5.5 |
MEDIUM
Local
|
linux
opensuse
canonical
|
linux_kernel
leap
ubuntu_linux
|
go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-20810
|
2024-11-21 13:39 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222384
|
5.5 |
MEDIUM
Local
|
upx_project
|
upx
|
p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-20805
|
2024-11-21 13:39 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222385
|
5.3 |
MEDIUM
Local
|
vim
debian
opensuse
canonical
apple
starwindsoftware
|
vim
debian_linux
leap
ubuntu_linux
mac_os_x
command_center
san_\&_nas
|
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
|
CWE-78
OS Command
|
CVE-2019-20807
|
2024-11-21 13:39 |
2020-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222386
|
4.4 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-20806
|
2024-11-21 13:39 |
2020-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222387
|
8.8 |
HIGH
Network
|
gilacms
|
gila_cms
|
Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
|
CWE-352
Origin Validation Error
|
CVE-2019-20804
|
2024-11-21 13:39 |
2020-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222388
|
6.1 |
MEDIUM
Network
|
gilacms
|
gila_cms
|
Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20803
|
2024-11-21 13:39 |
2020-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222389
|
6.1 |
MEDIUM
Network
|
readdle
|
documents
|
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to …
|
CWE-79
Cross-site Scripting
|
CVE-2019-20802
|
2024-11-21 13:39 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222390
|
5.3 |
MEDIUM
Network
|
readdle
|
documents
|
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks …
|
CWE-862
CWE-863
Missing Authorization
Incorrect Authorization
|
CVE-2019-20801
|
2024-11-21 13:39 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
