|
222241
|
6.5 |
MEDIUM
Network
|
linecorp
|
armeria
|
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized d…
|
CWE-74
Injection
|
CVE-2019-16771
|
2024-11-21 13:31 |
2019-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222242
|
7.5 |
HIGH
Network
|
puma
debian
|
puma
debian_linux
|
In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Pum…
|
-
|
CVE-2019-16770
|
2024-11-21 13:31 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222243
|
4.3 |
MEDIUM
Network
|
sylius
|
sylius
|
In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and prop…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2019-16768
|
2024-11-21 13:31 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222244
|
5.4 |
MEDIUM
Network
|
verizon
|
serialize-javascript
|
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This …
|
CWE-79
Cross-site Scripting
|
CVE-2019-16769
|
2024-11-21 13:31 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222245
|
7.5 |
HIGH
Network
|
pivx
decentralized_anonymous_payment_system_project
|
private_instant_verified_transactions
decentralized_anonymous_payment_system
|
An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their b…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2019-16753
|
2024-11-21 13:31 |
2019-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222246
|
4.3 |
MEDIUM
Network
|
pivx
dash
officialdapscoin
|
private_instant_verified_transactions
dash_core
decentralized_anonymous_payment_system
|
An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network an…
|
CWE-352
Origin Validation Error
|
CVE-2019-16752
|
2024-11-21 13:31 |
2019-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222247
|
9.8 |
CRITICAL
Network
|
okay-cms
|
okaycms
|
In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/Produc…
|
CWE-94
Code Injection
|
CVE-2019-16885
|
2024-11-21 13:31 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222248
|
7.2 |
HIGH
Network
|
inist
|
ezmaster
|
The admin sys mode is now conditional and dedicated for the special case. By default, since ezmaster@5.2.11 no instance (container) is launched with advanced capabilities (not launched as root)
|
NVD-CWE-noinfo
|
CVE-2019-16767
|
2024-11-21 13:31 |
2019-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222249
|
8.8 |
HIGH
Network
|
labdigital
|
wagtail-2fa
|
When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new de…
|
NVD-CWE-noinfo
|
CVE-2019-16766
|
2024-11-21 13:31 |
2019-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222250
|
7.8 |
HIGH
Local
|
microsoft
|
codeql
|
If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be execu…
|
NVD-CWE-noinfo
|
CVE-2019-16765
|
2024-11-21 13:31 |
2019-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
