|
219811
|
6.5 |
MEDIUM
Network
|
gnu
|
libredwg
|
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-20911
|
2024-11-21 13:39 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219812
|
8.1 |
HIGH
Network
|
gnu
|
libredwg
|
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-20910
|
2024-11-21 13:39 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219813
|
7.5 |
HIGH
Network
|
gnu
|
libredwg
|
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-20909
|
2024-11-21 13:39 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219814
|
6.7 |
MEDIUM
Local
|
linux
opensuse
canonical
|
linux_kernel
leap
ubuntu_linux
|
An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or s…
|
NVD-CWE-noinfo
|
CVE-2019-20908
|
2024-11-21 13:39 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219815
|
7.5 |
HIGH
Network
|
python
opensuse
debian
fedoraproject
canonical
netapp
oracle
|
python
leap
debian_linux
fedora
ubuntu_linux
active_iq_unified_manager
cloud_volumes_ontap_mediator
zfs_storage_appliance_kit
|
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-20907
|
2024-11-21 13:39 |
2020-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219816
|
6.1 |
MEDIUM
Network
|
atlassian
|
jira
jira_server
|
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of perform…
|
CWE-601
Open Redirect
|
CVE-2019-20901
|
2024-11-21 13:39 |
2020-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219817
|
4.8 |
MEDIUM
Network
|
atlassian
|
jira_server
jira_data_center
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The af…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20900
|
2024-11-21 13:39 |
2020-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219818
|
5.3 |
MEDIUM
Network
|
atlassian
|
jira
jira_software_data_center
jira_server
jira_data_center
|
The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affec…
|
NVD-CWE-noinfo
|
CVE-2019-20899
|
2024-11-21 13:39 |
2020-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219819
|
7.5 |
HIGH
Network
|
atlassian
|
jira_software_data_center
jira
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions a…
|
NVD-CWE-noinfo
|
CVE-2019-20898
|
2024-11-21 13:39 |
2020-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219820
|
6.5 |
MEDIUM
Network
|
atlassian
|
jira
jira_software_data_center
jira_server
jira_data_center
|
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before v…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-20897
|
2024-11-21 13:39 |
2020-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
