Search Results

Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-6630 | An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c. Published: January 08, 2020; 9:15:13 PM -0500 | V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-6629 | Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function decompileGETURL2() in decompile.c. Published: January 08, 2020; 9:15:13 PM -0500 | V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-6628 | Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c. Published: January 08, 2020; 9:15:13 PM -0500 | V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-5205 | In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability. Published: January 08, 2020; 9:15:13 PM -0500 | V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2020-6625 | jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c. Published: January 08, 2020; 8:15:16 PM -0500 | V4.0:(not available) V3.1: 7.1 HIGH V2.0: 5.8 MEDIUM |
CVE-2020-6624 | jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c. Published: January 08, 2020; 8:15:16 PM -0500 | V4.0:(not available) V3.1: 7.1 HIGH V2.0: 5.8 MEDIUM |
CVE-2019-11292 | Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, i.e. credentials, then they will be logged as well. Published: January 08, 2020; 7:15:09 PM -0500 | V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2020-6623 | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index. Published: January 08, 2020; 6:15:10 PM -0500 | V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-6622 | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8. Published: January 08, 2020; 6:15:10 PM -0500 | V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-6621 | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT. Published: January 08, 2020; 6:15:10 PM -0500 | V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-6620 | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8. Published: January 08, 2020; 6:15:10 PM -0500 | V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-6619 | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek. Published: January 08, 2020; 6:15:10 PM -0500 | V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-6618 | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table. Published: January 08, 2020; 6:15:10 PM -0500 | V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-6617 | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int. Published: January 08, 2020; 6:15:10 PM -0500 | V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2011-5266 | Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. Published: January 08, 2020; 6:15:10 PM -0500 | V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2011-5250 | Snare for Linux before 1.7.0 has CSRF in the web interface. Published: January 08, 2020; 6:15:10 PM -0500 | V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2011-5247 | Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword. Published: January 08, 2020; 6:15:10 PM -0500 | V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2011-5018 | Koala Framework before 2011-11-21 has XSS via the request_uri parameter. Published: January 08, 2020; 6:15:10 PM -0500 | V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-9812 | Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69. Published: January 08, 2020; 5:15:13 PM -0500 | V4.0:(not available) V3.1: 9.3 CRITICAL V2.0: 5.8 MEDIUM |
CVE-2019-17025 | Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72. Published: January 08, 2020; 5:15:12 PM -0500 | V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |