Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-20042 |
In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Published: December 27, 2019; 3:15:09 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-20041 |
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring. Published: December 27, 2019; 3:15:09 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-20024 |
A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4. Published: December 26, 2019; 9:15:11 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-20023 |
A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4. Published: December 26, 2019; 9:15:10 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-20022 |
An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3. Published: December 26, 2019; 9:15:10 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-20021 |
A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. Published: December 26, 2019; 9:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-20020 |
A stack-based buffer over-read was discovered in ReadNextStructField in mat5.c in matio 1.5.17. Published: December 26, 2019; 9:15:10 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-20019 |
An attempted excessive memory allocation was discovered in Mat_VarRead5 in mat5.c in matio 1.5.17. Published: December 26, 2019; 9:15:10 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-20018 |
A stack-based buffer over-read was discovered in ReadNextCell in mat5.c in matio 1.5.17. Published: December 26, 2019; 9:15:10 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-20017 |
A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17. Published: December 26, 2019; 9:15:10 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-20016 |
libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: a download of v0.9 after 2019-12-06 should fully remediate this issue. Published: December 26, 2019; 9:15:10 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-20015 |
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec. Published: December 26, 2019; 8:15:13 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-20014 |
An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c. Published: December 26, 2019; 8:15:13 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-20013 |
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec. Published: December 26, 2019; 8:15:13 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-20012 |
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec. Published: December 26, 2019; 8:15:13 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-20011 |
An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c. Published: December 26, 2019; 8:15:13 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-20010 |
An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c. Published: December 26, 2019; 8:15:13 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-20009 |
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec. Published: December 26, 2019; 8:15:13 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-20008 |
In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page. Published: December 26, 2019; 6:15:11 PM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2013-3088 |
Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging". Published: December 26, 2019; 6:15:11 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 9.3 HIGH |