Show filters
16 Total Results
Displaying 11-16 of 16
Sort by:
Attacker Value
Unknown

CVE-2021-42134

Disclosure Date: October 11, 2021 (last updated February 23, 2025)
The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-42053

Disclosure Date: October 07, 2021 (last updated February 23, 2025)
The Unicorn framework through 0.35.3 for Django allows XSS via component.name.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-36979

Disclosure Date: July 20, 2021 (last updated February 23, 2025)
Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (called from cpu_arm_exec_armeb and tcg_cpu_exec_armeb).
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-36431

Disclosure Date: July 20, 2021 (last updated February 23, 2025)
Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2017-16131

Disclosure Date: June 07, 2018 (last updated November 26, 2024)
unicorn-list is a web framework. unicorn-list is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
0
0
Attacker Value
Unknown

CVE-2018-1000164

Disclosure Date: April 18, 2018 (last updated November 26, 2024)
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.
0
0
View More Topics  < Previous