| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-20202 |
763 |
|
|
2019-12-31 |
2020-01-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault. |
|
2 |
CVE-2019-20201 |
91 |
|
|
2019-12-31 |
2021-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur. |
|
3 |
CVE-2019-20200 |
125 |
|
|
2019-12-31 |
2020-01-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature. |
|
4 |
CVE-2019-20199 |
125 |
|
|
2019-12-31 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer. |
|
5 |
CVE-2019-20198 |
674 |
|
|
2019-12-31 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file. |
|
6 |
CVE-2019-20197 |
78 |
|
Exec Code |
2019-12-31 |
2020-01-07 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account. |
|
7 |
CVE-2019-20176 |
400 |
|
|
2019-12-31 |
2023-01-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. |
|
8 |
CVE-2019-20175 |
754 |
|
|
2019-12-31 |
2020-01-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert." |
|
9 |
CVE-2019-20172 |
119 |
|
Overflow +Priv |
2019-12-31 |
2022-12-08 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriting a return address that was found on the kernel stack. |
|
10 |
CVE-2019-20171 |
401 |
|
|
2019-12-31 |
2022-01-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c. |
|
11 |
CVE-2019-20170 |
763 |
|
|
2019-12-31 |
2022-10-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c. |
|
12 |
CVE-2019-20169 |
416 |
|
|
2019-12-31 |
2020-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function trak_Read() in isomedia/box_code_base.c. |
|
13 |
CVE-2019-20168 |
416 |
|
|
2019-12-31 |
2020-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function gf_isom_box_dump_ex() in isomedia/box_funcs.c. |
|
14 |
CVE-2019-20167 |
476 |
|
|
2019-12-31 |
2020-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function senc_Parse() in isomedia/box_code_drm.c. |
|
15 |
CVE-2019-20166 |
476 |
|
|
2019-12-31 |
2020-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_dump() in isomedia/box_dump.c. |
|
16 |
CVE-2019-20165 |
476 |
|
|
2019-12-31 |
2022-10-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c. |
|
17 |
CVE-2019-20164 |
476 |
|
|
2019-12-31 |
2020-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_box_del() in isomedia/box_funcs.c. |
|
18 |
CVE-2019-20163 |
476 |
|
|
2019-12-31 |
2022-10-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c. |
|
19 |
CVE-2019-20162 |
787 |
|
Overflow |
2019-12-31 |
2022-10-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c. |
|
20 |
CVE-2019-20161 |
787 |
|
Overflow |
2019-12-31 |
2022-10-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c. |
|
21 |
CVE-2019-20160 |
787 |
|
Overflow |
2019-12-31 |
2020-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a stack-based buffer overflow in the function av1_parse_tile_group() in media_tools/av_parsers.c. |
|
22 |
CVE-2019-20159 |
772 |
|
|
2019-12-31 |
2021-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a memory leak in dinf_New() in isomedia/box_code_base.c. |
|
23 |
CVE-2019-20149 |
668 |
|
|
2019-12-30 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result. |
|
24 |
CVE-2019-20141 |
79 |
|
XSS |
2019-12-30 |
2023-01-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter. |
|
25 |
CVE-2019-20140 |
787 |
|
Overflow |
2019-12-30 |
2020-01-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_out_code at fromgif.c. |
|
26 |
CVE-2019-20139 |
79 |
|
XSS |
2019-12-30 |
2020-01-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user. |
|
27 |
CVE-2019-20138 |
326 |
|
|
2019-12-30 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used. |
|
28 |
CVE-2019-20096 |
401 |
|
DoS |
2019-12-30 |
2023-01-20 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. |
|
29 |
CVE-2019-20095 |
401 |
|
DoS |
2019-12-30 |
2022-04-18 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. |
|
30 |
CVE-2019-20094 |
787 |
|
Overflow |
2019-12-30 |
2020-01-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_init_frame at fromgif.c. |
|
31 |
CVE-2019-20093 |
476 |
|
DoS |
2019-12-30 |
2023-01-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. |
|
32 |
CVE-2019-20092 |
476 |
|
|
2019-12-30 |
2020-01-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp. |
|
33 |
CVE-2019-20091 |
476 |
|
|
2019-12-30 |
2020-01-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp. |
|
34 |
CVE-2019-20090 |
416 |
|
|
2019-12-30 |
2020-01-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp. |
|
35 |
CVE-2019-20089 |
125 |
|
|
2019-12-30 |
2020-01-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculation. |
|
36 |
CVE-2019-20088 |
125 |
|
|
2019-12-30 |
2020-01-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c. |
|
37 |
CVE-2019-20087 |
125 |
|
|
2019-12-30 |
2020-01-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags" feature. |
|
38 |
CVE-2019-20086 |
125 |
|
|
2019-12-30 |
2020-01-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c. |
|
39 |
CVE-2019-20085 |
22 |
|
Dir. Trav. |
2019-12-30 |
2023-01-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
TVT NVMS-1000 devices allow GET /.. Directory Traversal |
|
40 |
CVE-2019-20079 |
416 |
|
|
2019-12-30 |
2020-10-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. |
|
41 |
CVE-2019-20076 |
79 |
|
XSS |
2019-12-30 |
2020-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). |
|
42 |
CVE-2019-20075 |
79 |
|
XSS |
2019-12-30 |
2020-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). |
|
43 |
CVE-2019-20074 |
269 |
|
|
2019-12-30 |
2020-08-24 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page. |
|
44 |
CVE-2019-20073 |
79 |
|
XSS |
2019-12-30 |
2020-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). |
|
45 |
CVE-2019-20072 |
79 |
|
XSS |
2019-12-30 |
2020-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration). |
|
46 |
CVE-2019-20071 |
352 |
|
CSRF |
2019-12-30 |
2020-01-02 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs. |
|
47 |
CVE-2019-20070 |
79 |
|
XSS |
2019-12-30 |
2020-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). |
|
48 |
CVE-2019-20063 |
665 |
|
|
2019-12-29 |
2020-01-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json. |
|
49 |
CVE-2019-20058 |
79 |
|
XSS |
2019-12-29 |
2020-01-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040. |
|
50 |
CVE-2019-20057 |
345 |
|
|
2019-12-29 |
2020-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman for macOS 1.11.0 and earlier allows an attacker to change the System Proxy and redirect all traffic to an attacker-controlled computer, enabling MITM attacks. |
