|
221461
|
5.4 |
MEDIUM
Network
|
postieplugin
|
postie
|
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20204
|
2024-11-21 13:38 |
2020-01-2 |
|
221462
|
5.3 |
MEDIUM
Network
|
postieplugin
|
postie
|
The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2019-20203
|
2024-11-21 13:38 |
2020-01-2 |
|
221463
|
6.5 |
MEDIUM
Network
|
ezxml_project
|
ezxml
|
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
|
CWE-763
Release of Invalid Pointer or Reference
|
CVE-2019-20202
|
2024-11-21 13:38 |
2020-01-1 |
|
221464
|
6.5 |
MEDIUM
Network
|
ezxml_project
|
ezxml
|
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
|
CWE-400, CWE-835
Uncontrolled Resource Consumption; Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-20201
|
2024-11-21 13:38 |
2020-01-1 |
|
221465
|
6.5 |
MEDIUM
Network
|
ezxml_project
|
ezxml
|
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the …
|
CWE-125
Out-of-bounds Read
|
CVE-2019-20200
|
2024-11-21 13:38 |
2020-01-1 |
|
221466
|
6.5 |
MEDIUM
Network
|
ezxml_project
|
ezxml
|
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while runnin…
|
CWE-125, CWE-476
Out-of-bounds Read; NULL Pointer Dereference
|
CVE-2019-20199
|
2024-11-21 13:38 |
2020-01-1 |
|
221467
|
6.5 |
MEDIUM
Network
|
ezxml_project
|
ezxml
|
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
|
CWE-674
Uncontrolled Recursion
|
CVE-2019-20198
|
2024-11-21 13:38 |
2020-01-1 |
|
221468
|
8.8 |
HIGH
Network
|
nagios
|
nagios_xi
|
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.
|
CWE-78
OS Command
|
CVE-2019-20197
|
2024-11-21 13:38 |
2020-01-1 |
|
221469
|
7.5 |
HIGH
Network
|
pureftpd, fedoraproject
|
pure-ftpd, fedora
|
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-20176
|
2024-11-21 13:38 |
2020-01-1 |
|
221470
|
7.5 |
HIGH
Network
|
qemu
|
qemu
|
An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an …
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2019-20175
|
2024-11-21 13:38 |
2019-12-31 |
|