Vulnerabilities > Cherokee Project > Cherokee > 1.2.103
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-27 | CVE-2020-12845 | NULL Pointer Dereference vulnerability in Cherokee-Project Cherokee Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. | 7.5 |
| 2020-05-18 | CVE-2019-20800 | Out-of-bounds Write vulnerability in Cherokee-Project Cherokee In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers. | 9.8 |
| 2020-05-18 | CVE-2019-20799 | Out-of-bounds Write vulnerability in Cherokee-Project Cherokee In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server. | 5.0 |
| 2020-05-18 | CVE-2019-20798 | Cross-site Scripting vulnerability in Cherokee-Project Cherokee An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. | 8.4 |
| 2014-07-02 | CVE-2014-4668 | Improper Authentication vulnerability in multiple products The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password. | 6.8 |