|
199521
|
5.3 |
MEDIUM
Network
|
absolunet
|
kafe
|
This affects the package @absolunet/kafe before 3.2.10. It allows cause a denial of service when validating crafted invalid emails.
|
NVD-CWE-noinfo
|
CVE-2020-7761
|
2024-11-21 14:37 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199522
|
7.5 |
HIGH
Network
|
browserless
|
chrome
|
This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then s…
|
CWE-22
Path Traversal
|
CVE-2020-7758
|
2024-11-21 14:37 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199523
|
6.5 |
MEDIUM
Network
|
droppy_project
|
droppy
|
This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server.
|
CWE-22
Path Traversal
|
CVE-2020-7757
|
2024-11-21 14:37 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199524
|
9.8 |
CRITICAL
Network
|
vbulletin
|
vbulletin
|
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete …
|
CWE-94
Code Injection
|
CVE-2020-7373
|
2024-11-21 14:37 |
2020-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199525
|
7.5 |
HIGH
Network
|
codemirror
oracle
|
codemirror
application_express
essbase
enterprise_manager_express_user_interface
hyperion_data_relationship_management
spatial_studio
|
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/Code…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-7760
|
2024-11-21 14:37 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199526
|
7.2 |
HIGH
Network
|
pimcore
|
pimcore
|
The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a speci…
|
CWE-89
SQL Injection
|
CVE-2020-7759
|
2024-11-21 14:37 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199527
|
7.8 |
HIGH
Local
|
rapid7
|
metasploit
|
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
|
CWE-77
Command Injection
|
CVE-2020-7384
|
2024-11-21 14:37 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199528
|
9.8 |
CRITICAL
Network
|
chartjs
|
chart.js
|
This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) ar…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7746
|
2024-11-21 14:37 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199529
|
7.5 |
HIGH
Network
|
dat.gui_project
|
dat.gui
|
All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-7755
|
2024-11-21 14:37 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199530
|
7.5 |
HIGH
Network
|
npmjs
|
npm-user-validate
|
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.
|
NVD-CWE-noinfo
|
CVE-2020-7754
|
2024-11-21 14:37 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
