|
200281
|
7.6 |
HIGH
Network
|
osm-static-maps_project
|
osm-static-maps
|
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to injec…
|
CWE-79
CWE-74
Cross-site Scripting
Injection
|
CVE-2020-7749
|
2024-11-21 14:37 |
2020-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200282
|
8.1 |
HIGH
Network
|
ts.ed_project
|
ts.ed
|
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attac…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7748
|
2024-11-21 14:37 |
2020-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200283
|
6.3 |
MEDIUM
Network
|
lightning-viz
|
lightning
|
This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller.
|
CWE-79
Cross-site Scripting
|
CVE-2020-7747
|
2024-11-21 14:37 |
2020-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200284
|
7.1 |
HIGH
Network
|
mintegral
|
mintegraladsdk
|
This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can rem…
|
CWE-94
Code Injection
|
CVE-2020-7745
|
2024-11-21 14:37 |
2020-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200285
|
8.8 |
HIGH
Network
|
siemens
|
siport_mp
|
A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (…
|
-
|
CVE-2020-7591
|
2024-11-21 14:37 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200286
|
4.7 |
MEDIUM
Network
|
mintegral
|
mintegraladsdk
|
This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls e…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-7744
|
2024-11-21 14:37 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200287
|
6.7 |
MEDIUM
Local
|
mcafee
|
mvision_endpoint_detection_and_response
|
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Wind…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-7327
|
2024-11-21 14:37 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200288
|
6.7 |
MEDIUM
Local
|
mcafee
|
active_response
|
Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core t…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-7326
|
2024-11-21 14:37 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200289
|
8.2 |
HIGH
Local
|
mcafee
|
application_and_change_control
|
Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via…
|
CWE-269
Improper Privilege Management
|
CVE-2020-7334
|
2024-11-21 14:37 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200290
|
8.1 |
HIGH
Network
|
rapid7
|
nexpose
|
A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been ab…
|
CWE-89
SQL Injection
|
CVE-2020-7383
|
2024-11-21 14:37 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
