An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
Max CVSS
6.5
EPSS Score
0.08%
Published
2019-12-31
Updated
2020-01-06
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
Max CVSS
6.5
EPSS Score
0.08%
Published
2019-12-31
Updated
2021-07-21
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
Max CVSS
6.5
EPSS Score
0.08%
Published
2019-12-31
Updated
2020-01-06
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.
Max CVSS
6.5
EPSS Score
0.08%
Published
2019-12-31
Updated
2020-08-24
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
Max CVSS
6.5
EPSS Score
0.08%
Published
2019-12-31
Updated
2020-08-24
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.
Max CVSS
9.0
EPSS Score
0.76%
Published
2019-12-31
Updated
2020-01-07
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
Max CVSS
7.5
EPSS Score
0.27%
Published
2019-12-31
Updated
2023-01-20
** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert."
Max CVSS
7.5
EPSS Score
0.17%
Published
2019-12-31
Updated
2020-01-15
Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriting a return address that was found on the kernel stack.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-12-31
Updated
2022-12-08
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c.
Max CVSS
5.5
EPSS Score
0.06%
Published
2019-12-31
Updated
2022-01-01
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c.
Max CVSS
5.5
EPSS Score
0.06%
Published
2019-12-31
Updated
2022-10-14
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function trak_Read() in isomedia/box_code_base.c.
Max CVSS
5.5
EPSS Score
0.06%
Published
2019-12-31
Updated
2020-01-02
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function gf_isom_box_dump_ex() in isomedia/box_funcs.c.
Max CVSS
5.5
EPSS Score
0.06%
Published
2019-12-31
Updated
2020-01-02
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function senc_Parse() in isomedia/box_code_drm.c.
Max CVSS
5.5
EPSS Score
0.06%
Published
2019-12-31
Updated
2020-01-02
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_dump() in isomedia/box_dump.c.
Max CVSS
5.5
EPSS Score
0.06%
Published
2019-12-31
Updated
2020-01-02
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c.
Max CVSS
5.5
EPSS Score
0.06%
Published
2019-12-31
Updated
2022-10-14
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_box_del() in isomedia/box_funcs.c.
Max CVSS
5.5
EPSS Score
0.06%
Published
2019-12-31
Updated
2020-01-02
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c.
Max CVSS
5.5
EPSS Score
0.06%
Published
2019-12-31
Updated
2022-10-14
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c.
Max CVSS
5.5
EPSS Score
0.08%
Published
2019-12-31
Updated
2022-10-14
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c.
Max CVSS
5.5
EPSS Score
0.08%
Published
2019-12-31
Updated
2022-10-14
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a stack-based buffer overflow in the function av1_parse_tile_group() in media_tools/av_parsers.c.
Max CVSS
5.5
EPSS Score
0.07%
Published
2019-12-31
Updated
2020-01-02
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a memory leak in dinf_New() in isomedia/box_code_base.c.
Max CVSS
5.5
EPSS Score
0.06%
Published
2019-12-31
Updated
2021-07-21
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
Max CVSS
7.5
EPSS Score
0.09%
Published
2019-12-30
Updated
2020-08-24
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
Max CVSS
6.1
EPSS Score
0.13%
Published
2019-12-30
Updated
2023-01-20
An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_out_code at fromgif.c.
Max CVSS
8.8
EPSS Score
0.30%
Published
2019-12-30
Updated
2020-01-07
1577 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!