|
221541
|
6.1 |
MEDIUM
Network
|
laborator
|
neon
|
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20141
|
2024-11-21 13:38 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221542
|
5.4 |
MEDIUM
Network
|
nagios
|
nagios_xi
|
In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin …
|
CWE-79
Cross-site Scripting
|
CVE-2019-20139
|
2024-11-21 13:38 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221543
|
7.5 |
HIGH
Network
|
http_authentication_library_project
|
http_authentication_library
|
The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used.
|
CWE-327
CWE-916
Use of a Broken or Risky Cryptographic Algorithm
Use of Password Hash With Insufficient Computational Effort
|
CVE-2019-20138
|
2024-11-21 13:38 |
2019-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221544
|
5.5 |
MEDIUM
Local
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-20096
|
2024-11-21 13:38 |
2019-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221545
|
5.5 |
MEDIUM
Local
|
linux
opensuse
netapp
|
linux_kernel
leap
cloud_backup
steelstore_cloud_integrated_storage
data_availability_services
solidfire
hci_management_node
active_iq_unified_manager
e-series_santricity_os_co…
|
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-20095
|
2024-11-21 13:38 |
2019-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221546
|
5.5 |
MEDIUM
Local
|
podofo_project
fedoraproject
|
podofo
fedora
|
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtrac…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-20093
|
2024-11-21 13:38 |
2019-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221547
|
5.5 |
MEDIUM
Local
|
axiosys
|
bento4
|
An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-20092
|
2024-11-21 13:38 |
2019-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221548
|
5.5 |
MEDIUM
Local
|
axiosys
|
bento4
|
An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-20091
|
2024-11-21 13:38 |
2019-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221549
|
7.8 |
HIGH
Local
|
axiosys
|
bento4
|
An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.
|
CWE-416
Use After Free
|
CVE-2019-20090
|
2024-11-21 13:38 |
2019-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221550
|
7.8 |
HIGH
Local
|
gopro
|
gpmf-parser
|
GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculation.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-20089
|
2024-11-21 13:38 |
2019-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
