|
219911
|
8.8 |
HIGH
Network
|
gilacms
|
gila_cms
|
Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
|
CWE-352
Origin Validation Error
|
CVE-2019-20804
|
2024-11-21 13:39 |
2020-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219912
|
6.1 |
MEDIUM
Network
|
gilacms
|
gila_cms
|
Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20803
|
2024-11-21 13:39 |
2020-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219913
|
6.1 |
MEDIUM
Network
|
readdle
|
documents
|
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to …
|
CWE-79
Cross-site Scripting
|
CVE-2019-20802
|
2024-11-21 13:39 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219914
|
5.3 |
MEDIUM
Network
|
readdle
|
documents
|
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks …
|
CWE-862
CWE-863
Missing Authorization
Incorrect Authorization
|
CVE-2019-20801
|
2024-11-21 13:39 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219915
|
9.8 |
CRITICAL
Network
|
cherokee-project
|
cherokee
|
In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET reques…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-20800
|
2024-11-21 13:39 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219916
|
7.5 |
HIGH
Network
|
cherokee-project
|
cherokee
|
In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-20799
|
2024-11-21 13:39 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219917
|
8.4 |
HIGH
Network
|
cherokee-project
|
cherokee
|
An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its ad…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20798
|
2024-11-21 13:39 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219918
|
7.5 |
HIGH
Network
|
prboom-plus_project
|
prboom-plus
|
An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer overflow in client and server code responsible for handling received UDP packets, as demonstrated by I_SendPacket or I_SendPacket…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-20797
|
2024-11-21 13:39 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219919
|
4.4 |
MEDIUM
Local
|
iproute2_project
canonical
|
iproute2
ubuntu_linux
|
iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a co…
|
CWE-416
Use After Free
|
CVE-2019-20795
|
2024-11-21 13:39 |
2020-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219920
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2019-20794
|
2024-11-21 13:39 |
2020-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
