|
222181
|
6.5 |
MEDIUM
Network
|
ezxml_project
|
ezxml
|
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
|
CWE-400
CWE-835
Uncontrolled Resource Consumption
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-20201
|
2024-11-21 13:38 |
2020-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222182
|
6.5 |
MEDIUM
Network
|
ezxml_project
|
ezxml
|
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the …
|
CWE-125
Out-of-bounds Read
|
CVE-2019-20200
|
2024-11-21 13:38 |
2020-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222183
|
6.5 |
MEDIUM
Network
|
ezxml_project
|
ezxml
|
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while runnin…
|
CWE-125
CWE-476
Out-of-bounds Read
NULL Pointer Dereference
|
CVE-2019-20199
|
2024-11-21 13:38 |
2020-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222184
|
6.5 |
MEDIUM
Network
|
ezxml_project
|
ezxml
|
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
|
CWE-674
Uncontrolled Recursion
|
CVE-2019-20198
|
2024-11-21 13:38 |
2020-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222185
|
8.8 |
HIGH
Network
|
nagios
|
nagios_xi
|
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.
|
CWE-78
OS Command
|
CVE-2019-20197
|
2024-11-21 13:38 |
2020-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222186
|
7.5 |
HIGH
Network
|
pureftpd
fedoraproject
|
pure-ftpd
fedora
|
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-20176
|
2024-11-21 13:38 |
2020-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222187
|
7.5 |
HIGH
Network
|
qemu
|
qemu
|
An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an …
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2019-20175
|
2024-11-21 13:38 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222188
|
7.8 |
HIGH
Local
|
serenityos
|
serenityos
|
Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriti…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-20172
|
2024-11-21 13:38 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222189
|
5.5 |
MEDIUM
Local
|
gpac
debian
|
gpac
debian_linux
|
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c.
|
CWE-763
Release of Invalid Pointer or Reference
|
CVE-2019-20170
|
2024-11-21 13:38 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222190
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function trak_Read() in isomedia/box_code_base.c.
|
CWE-416
Use After Free
|
CVE-2019-20169
|
2024-11-21 13:38 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
