|
221811
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a stack-based buffer overflow in the function av1_parse_tile_group() in media_tools/av_parsers.c.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-20160
|
2024-11-21 13:38 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221812
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a memory leak in dinf_New() in isomedia/box_code_base.c.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-20159
|
2024-11-21 13:38 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221813
|
7.5 |
HIGH
Network
|
kind-of_project
|
kind-of
|
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafte…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2019-20149
|
2024-11-21 13:38 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221814
|
6.1 |
MEDIUM
Network
|
laborator
|
neon
|
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20141
|
2024-11-21 13:38 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221815
|
5.4 |
MEDIUM
Network
|
nagios
|
nagios_xi
|
In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin …
|
CWE-79
Cross-site Scripting
|
CVE-2019-20139
|
2024-11-21 13:38 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221816
|
7.5 |
HIGH
Network
|
http_authentication_library_project
|
http_authentication_library
|
The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used.
|
CWE-327
CWE-916
Use of a Broken or Risky Cryptographic Algorithm
Use of Password Hash With Insufficient Computational Effort
|
CVE-2019-20138
|
2024-11-21 13:38 |
2019-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221817
|
5.5 |
MEDIUM
Local
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-20096
|
2024-11-21 13:38 |
2019-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221818
|
5.5 |
MEDIUM
Local
|
linux
opensuse
netapp
|
linux_kernel
leap
cloud_backup
steelstore_cloud_integrated_storage
data_availability_services
solidfire
hci_management_node
active_iq_unified_manager
e-series_santricity_os_co…
|
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-20095
|
2024-11-21 13:38 |
2019-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221819
|
5.5 |
MEDIUM
Local
|
podofo_project
fedoraproject
|
podofo
fedora
|
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtrac…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-20093
|
2024-11-21 13:38 |
2019-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221820
|
5.5 |
MEDIUM
Local
|
axiosys
|
bento4
|
An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-20092
|
2024-11-21 13:38 |
2019-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
