|
223131
|
5.3 |
MEDIUM
Network
|
readdle
|
documents
|
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks …
|
CWE-862
CWE-863
Missing Authorization
Incorrect Authorization
|
CVE-2019-20801
|
2024-11-21 13:39 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223132
|
9.8 |
CRITICAL
Network
|
cherokee-project
|
cherokee
|
In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET reques…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-20800
|
2024-11-21 13:39 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223133
|
7.5 |
HIGH
Network
|
cherokee-project
|
cherokee
|
In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-20799
|
2024-11-21 13:39 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223134
|
8.4 |
HIGH
Network
|
cherokee-project
|
cherokee
|
An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its ad…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20798
|
2024-11-21 13:39 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223135
|
7.5 |
HIGH
Network
|
prboom-plus_project
|
prboom-plus
|
An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer overflow in client and server code responsible for handling received UDP packets, as demonstrated by I_SendPacket or I_SendPacket…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-20797
|
2024-11-21 13:39 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223136
|
4.4 |
MEDIUM
Local
|
iproute2_project
canonical
|
iproute2
ubuntu_linux
|
iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a co…
|
CWE-416
Use After Free
|
CVE-2019-20795
|
2024-11-21 13:39 |
2020-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223137
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2019-20794
|
2024-11-21 13:39 |
2020-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223138
|
5.4 |
MEDIUM
Network
|
servicenow
|
it_service_management
|
ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Req…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20768
|
2024-11-21 13:39 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223139
|
7.8 |
HIGH
Local
|
lg
|
bridge
|
An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-20781
|
2024-11-21 13:39 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223140
|
6.8 |
MEDIUM
Physics
|
opensc_project
|
opensc
|
OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.
|
CWE-415
Double Free
|
CVE-2019-20792
|
2024-11-21 13:39 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
