|
198401
|
6.8 |
MEDIUM
Physics
|
freebsd
netapp
|
freebsd
clustered_data_ontap
|
In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-7456
|
2024-11-21 14:37 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198402
|
5.4 |
MEDIUM
Network
|
angularjs
|
angular.js
|
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes par…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7676
|
2024-11-21 14:37 |
2020-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198403
|
7.5 |
HIGH
Network
|
url-regex_project
|
url-regex
|
all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-7661
|
2024-11-21 14:37 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198404
|
7.5 |
HIGH
Network
|
websocket-extensions_project
debian
canonical
|
websocket-extensions
debian_linux
ubuntu_linux
|
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string…
|
NVD-CWE-Other
|
CVE-2020-7663
|
2024-11-21 14:37 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198405
|
7.5 |
HIGH
Network
|
websocket-extensions_project
|
websocket-extensions
|
websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string …
|
NVD-CWE-Other
|
CVE-2020-7662
|
2024-11-21 14:37 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198406
|
8.1 |
HIGH
Network
|
verizon
|
serialize-javascript
|
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-7660
|
2024-11-21 14:37 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198407
|
7.5 |
HIGH
Network
|
celluloid
|
reel
|
reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Conte…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-7659
|
2024-11-21 14:37 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198408
|
7.5 |
HIGH
Network
|
synk
|
broker
|
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-7654
|
2024-11-21 14:37 |
2020-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198409
|
6.5 |
MEDIUM
Network
|
synk
|
broker
|
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files…
|
CWE-22
Path Traversal
|
CVE-2020-7650
|
2024-11-21 14:37 |
2020-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198410
|
6.5 |
MEDIUM
Network
|
synk
|
broker
|
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragme…
|
CWE-22
Path Traversal
|
CVE-2020-7648
|
2024-11-21 14:37 |
2020-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
