|
201111
|
7.5 |
HIGH
Network
|
jetbrains
|
ktor
|
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-5207
|
2024-11-21 14:33 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201112
|
5.3 |
MEDIUM
Network
|
sylius
|
syliusresourcebundle
|
Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make…
|
CWE-200
Information Exposure
|
CVE-2020-5220
|
2024-11-21 14:33 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201113
|
4.3 |
MEDIUM
Network
|
sylius
|
sylius
|
Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-5218
|
2024-11-21 14:33 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201114
|
5.4 |
MEDIUM
Network
|
simplesamlphp
|
simplesamlphp
|
Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5226
|
2024-11-21 14:33 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201115
|
5.4 |
MEDIUM
Network
|
simplesamlphp
|
simplesamlphp
|
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the r…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-5225
|
2024-11-21 14:33 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201116
|
8.8 |
HIGH
Network
|
django-user-sessions_project
|
django-user-sessions
|
In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rend…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2020-5224
|
2024-11-21 14:33 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201117
|
8.8 |
HIGH
Network
|
peerigon
|
angular-expressions
|
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. I…
|
CWE-74
Injection
|
CVE-2020-5219
|
2024-11-21 14:33 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201118
|
5.8 |
MEDIUM
Network
|
twitter
|
secure_headers
|
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_s…
|
CWE-74
Injection
|
CVE-2020-5217
|
2024-11-21 14:33 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201119
|
5.8 |
MEDIUM
Network
|
twitter
|
secure_headers
|
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_s…
|
CWE-74
Injection
|
CVE-2020-5216
|
2024-11-21 14:33 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201120
|
4.4 |
MEDIUM
Network
|
privatebin
|
privatebin
|
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a per…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5223
|
2024-11-21 14:33 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
