|
223801
|
6.5 |
MEDIUM
Local
|
qemu
|
qemu
|
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callbac…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-20808
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223802
|
5.3 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, …
|
CWE-416
Use After Free
|
CVE-2019-20934
|
2024-11-21 13:39 |
2020-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223803
|
7.5 |
HIGH
Network
|
mongodb
|
mongodb
|
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects Mo…
|
CWE-697
Incorrect Comparison
|
CVE-2019-20925
|
2024-11-21 13:39 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223804
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Serve…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2019-20924
|
2024-11-21 13:39 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223805
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to…
|
NVD-CWE-Other
|
CVE-2019-20923
|
2024-11-21 13:39 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223806
|
9.8 |
CRITICAL
Network
|
influxdata
debian
|
influxdb
debian_linux
|
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
|
CWE-287
Improper Authentication
|
CVE-2019-20933
|
2024-11-21 13:39 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223807
|
5.4 |
MEDIUM
Network
|
atlassian
|
editor-core
|
The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link ta…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20903
|
2024-11-21 13:39 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223808
|
7.5 |
HIGH
Network
|
atlassian
|
crowd
|
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1.
|
NVD-CWE-noinfo
|
CVE-2019-20902
|
2024-11-21 13:39 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223809
|
7.5 |
HIGH
Network
|
handlebarsjs
|
handlebars
|
Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-20922
|
2024-11-21 13:39 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223810
|
6.1 |
MEDIUM
Network
|
snapappointments
|
bootstrap-select
|
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20921
|
2024-11-21 13:39 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
