|
198451
|
5.4 |
MEDIUM
Network
|
rapid7
|
metasploit
|
Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store …
|
CWE-79
Cross-site Scripting
|
CVE-2020-7354
|
2024-11-21 14:37 |
2020-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198452
|
7.5 |
HIGH
Network
|
sas
|
go_rpm_utils
|
In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which lead…
|
CWE-22
Path Traversal
|
CVE-2020-7667
|
2024-11-21 14:37 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198453
|
7.5 |
HIGH
Network
|
compression_and_archive_extensions_tz_project
|
compression_and_archive_extensions_tz_project
|
In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker …
|
CWE-22
Path Traversal
|
CVE-2020-7668
|
2024-11-21 14:37 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198454
|
7.5 |
HIGH
Network
|
compression_and_archive_extensions_project
|
compression_and_archive_extensions_zip_project
|
In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker…
|
CWE-22
Path Traversal
|
CVE-2020-7664
|
2024-11-21 14:37 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198455
|
9.8 |
CRITICAL
Network
|
casperjs
|
casperjs
|
In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7679
|
2024-11-21 14:37 |
2020-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198456
|
7.5 |
HIGH
Network
|
schneider-electric
|
easergy_t300_firmware
|
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-7513
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198457
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
easergy_t300_firmware
|
A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the …
|
NVD-CWE-Other
|
CVE-2020-7512
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198458
|
7.5 |
HIGH
Network
|
schneider-electric
|
easergy_t300_firmware
|
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-7511
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198459
|
7.5 |
HIGH
Network
|
schneider-electric
|
easergy_t300_firmware
|
A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys.
|
CWE-200
Information Exposure
|
CVE-2020-7510
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198460
|
7.2 |
HIGH
Network
|
schneider-electric
|
easergy_t300_firmware
|
A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files.
|
CWE-269
Improper Privilege Management
|
CVE-2020-7509
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
