|
221301
|
7.5 |
HIGH
Network
|
foxitsoftware
|
phantompdf
|
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-20814
|
2024-11-21 13:39 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221302
|
7.5 |
HIGH
Network
|
foxitsoftware
|
phantompdf
|
An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-20813
|
2024-11-21 13:39 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221303
|
7.5 |
HIGH
Network
|
compound
|
price_oracle
|
The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate t…
|
NVD-CWE-noinfo
|
CVE-2019-20809
|
2024-11-21 13:39 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221304
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a cer…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-20812
|
2024-11-21 13:39 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221305
|
5.5 |
MEDIUM
Local
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
|
NVD-CWE-Other
|
CVE-2019-20811
|
2024-11-21 13:39 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221306
|
5.5 |
MEDIUM
Local
|
linux
opensuse
canonical
|
linux_kernel
leap
ubuntu_linux
|
go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-20810
|
2024-11-21 13:39 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221307
|
5.5 |
MEDIUM
Local
|
upx_project
|
upx
|
p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-20805
|
2024-11-21 13:39 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221308
|
5.3 |
MEDIUM
Local
|
vim
debian
opensuse
canonical
apple
starwindsoftware
|
vim
debian_linux
leap
ubuntu_linux
mac_os_x
command_center
san_\&_nas
|
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
|
CWE-78
OS Command
|
CVE-2019-20807
|
2024-11-21 13:39 |
2020-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221309
|
4.4 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-20806
|
2024-11-21 13:39 |
2020-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221310
|
8.8 |
HIGH
Network
|
gilacms
|
gila_cms
|
Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
|
CWE-352
Origin Validation Error
|
CVE-2019-20804
|
2024-11-21 13:39 |
2020-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
