National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 136,793 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2020-13791

hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.

Published: June 04, 2020; 12:15:12 PM -04:00
(not available)
CVE-2020-13765

rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.

Published: June 04, 2020; 12:15:12 PM -04:00
(not available)
CVE-2020-13692

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Published: June 04, 2020; 12:15:12 PM -04:00
(not available)
CVE-2019-20822

An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.7.0.29430. It has an out-of-bounds write via incorrect image data.

Published: June 04, 2020; 12:15:12 PM -04:00
(not available)
CVE-2019-20821

An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a NULL pointer dereference.

Published: June 04, 2020; 12:15:12 PM -04:00
(not available)
CVE-2019-20820

An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference.

Published: June 04, 2020; 12:15:12 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-20819

An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing.

Published: June 04, 2020; 12:15:12 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-20818

An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level.

Published: June 04, 2020; 12:15:12 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-20817

An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference.

Published: June 04, 2020; 12:15:12 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-20816

An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference.

Published: June 04, 2020; 12:15:12 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-20815

An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing.

Published: June 04, 2020; 12:15:12 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-20814

An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level.

Published: June 04, 2020; 12:15:12 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-20813

An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference.

Published: June 04, 2020; 12:15:11 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-16385

Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a reflected XSS payload being executed.

Published: June 04, 2020; 12:15:11 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16384

Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions.

Published: June 04, 2020; 12:15:11 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2020-13827

phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.

Published: June 04, 2020; 11:15:13 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-13822

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.

Published: June 04, 2020; 11:15:13 AM -04:00
(not available)
CVE-2020-13810

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures.

Published: June 04, 2020; 11:15:13 AM -04:00
(not available)
CVE-2020-13809

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream.

Published: June 04, 2020; 11:15:13 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-13808

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data.

Published: June 04, 2020; 11:15:13 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM