|
221581
|
7.5 |
HIGH
Network
|
mongodb
|
mongodb
|
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects Mo…
|
CWE-697
Incorrect Comparison
|
CVE-2019-20925
|
2024-11-21 13:39 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221582
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Serve…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2019-20924
|
2024-11-21 13:39 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221583
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to…
|
NVD-CWE-Other
|
CVE-2019-20923
|
2024-11-21 13:39 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221584
|
9.8 |
CRITICAL
Network
|
influxdata
debian
|
influxdb
debian_linux
|
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
|
CWE-287
Improper Authentication
|
CVE-2019-20933
|
2024-11-21 13:39 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221585
|
5.4 |
MEDIUM
Network
|
atlassian
|
editor-core
|
The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link ta…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20903
|
2024-11-21 13:39 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221586
|
7.5 |
HIGH
Network
|
atlassian
|
crowd
|
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1.
|
NVD-CWE-noinfo
|
CVE-2019-20902
|
2024-11-21 13:39 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221587
|
7.5 |
HIGH
Network
|
handlebarsjs
|
handlebars
|
Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-20922
|
2024-11-21 13:39 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221588
|
6.1 |
MEDIUM
Network
|
snapappointments
|
bootstrap-select
|
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20921
|
2024-11-21 13:39 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221589
|
8.1 |
HIGH
Network
|
handlebarsjs
|
handlebars
|
Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arb…
|
CWE-94
Code Injection
|
CVE-2019-20920
|
2024-11-21 13:39 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221590
|
4.7 |
MEDIUM
Local
|
perl
fedoraproject
canonical
debian
opensuse
|
dbi
fedora
ubuntu_linux
debian_linux
leap
|
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causi…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-20919
|
2024-11-21 13:39 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
