Search Results (83304 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-20924 1 Mongodb 1 Mongodb 2024-11-21 6.5 Medium
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server v4.2 versions prior to 4.2.2.
CVE-2019-20923 1 Mongodb 2 Mongodb, Mongodb Server 2024-11-21 6.5 Medium
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7.
CVE-2019-20912 1 Gnu 1 Libredwg 2024-11-21 8.8 High
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF.
CVE-2019-20903 1 Atlassian 1 Editor-core 2024-11-21 5.4 Medium
The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets.
CVE-2019-20900 1 Atlassian 2 Jira Data Center, Jira Server 2024-11-21 4.8 Medium
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0.
CVE-2019-20880 1 Mattermost 1 Mattermost Server 2024-11-21 7.5 High
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.
CVE-2019-20845 1 Mattermost 1 Mattermost Server 2024-11-21 7.5 High
An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.
CVE-2019-20840 5 Canonical, Debian, Libvnc Project and 2 more 16 Ubuntu Linux, Debian Linux, Libvncserver and 13 more 2024-11-21 7.5 High
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.
CVE-2019-20830 1 Foxitsoftware 2 Phantompdf, Reader 2024-11-21 9.8 Critical
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.
CVE-2019-20827 1 Foxitsoftware 2 Phantompdf, Reader 2024-11-21 9.8 Critical
An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space.
CVE-2019-20825 1 Foxitsoftware 1 Phantompdf 2024-11-21 9.8 Critical
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used.
CVE-2019-20822 2 Foxitsoftware, Microsoft 2 3d, Windows 2024-11-21 9.8 Critical
An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.7.0.29430. It has an out-of-bounds write via incorrect image data.
CVE-2019-20818 1 Foxitsoftware 2 Phantompdf, Reader 2024-11-21 7.5 High
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level.
CVE-2019-20814 1 Foxitsoftware 1 Phantompdf 2024-11-21 7.5 High
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level.
CVE-2019-20810 3 Canonical, Linux, Opensuse 3 Ubuntu Linux, Linux Kernel, Leap 2024-11-21 5.5 Medium
go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.
CVE-2019-20807 7 Apple, Canonical, Debian and 4 more 8 Mac Os X, Ubuntu Linux, Debian Linux and 5 more 2024-11-21 5.3 Medium
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
CVE-2019-20803 1 Gilacms 1 Gila Cms 2024-11-21 6.1 Medium
Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
CVE-2019-20802 1 Readdle 1 Documents 2024-11-21 6.1 Medium
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user's data. This requires user interaction because there is no known direct way for an attacker to create a crafted directory name on a victim's device. However, a crafted directory name can occur if a victim extracts a ZIP archive that was provided by an attacker.
CVE-2019-20800 1 Cherokee-project 1 Cherokee 2024-11-21 9.8 Critical
In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers.
CVE-2019-20799 1 Cherokee-project 1 Cherokee 2024-11-21 7.5 High
In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server.