|
219801
|
6.1 |
MEDIUM
Network
|
snapappointments
|
bootstrap-select
|
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20921
|
2024-11-21 13:39 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219802
|
8.1 |
HIGH
Network
|
handlebarsjs
|
handlebars
|
Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arb…
|
CWE-94
Code Injection
|
CVE-2019-20920
|
2024-11-21 13:39 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219803
|
4.7 |
MEDIUM
Local
|
perl
fedoraproject
canonical
debian
opensuse
|
dbi
fedora
ubuntu_linux
debian_linux
leap
|
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causi…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-20919
|
2024-11-21 13:39 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219804
|
6.5 |
MEDIUM
Network
|
inspircd
|
inspircd
|
An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user ab…
|
CWE-416
Use After Free
|
CVE-2019-20918
|
2024-11-21 13:39 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219805
|
6.5 |
MEDIUM
Network
|
inspircd
debian
|
inspircd
debian_linux
|
An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with …
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-20917
|
2024-11-21 13:39 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219806
|
7.5 |
HIGH
Network
|
pypa
opensuse
debian
oracle
|
pip
leap
debian_linux
communications_cloud_native_core_policy
communications_cloud_native_core_network_function_cloud_native_environment
|
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwr…
|
CWE-22
Path Traversal
|
CVE-2019-20916
|
2024-11-21 13:39 |
2020-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219807
|
8.1 |
HIGH
Network
|
gnu
|
libredwg
|
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-20915
|
2024-11-21 13:39 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219808
|
9.8 |
CRITICAL
Network
|
gnu
|
libredwg
|
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-20914
|
2024-11-21 13:39 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219809
|
8.1 |
HIGH
Network
|
gnu
|
libredwg
|
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-20913
|
2024-11-21 13:39 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219810
|
8.8 |
HIGH
Network
|
gnu
|
libredwg
|
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-20912
|
2024-11-21 13:39 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
