|
200291
|
4.3 |
MEDIUM
Adjacent
|
mcafee
|
epolicy_orchestrator
|
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the adminis…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7318
|
2024-11-21 14:37 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200292
|
4.3 |
MEDIUM
Adjacent
|
mcafee
|
epolicy_orchestrator
|
Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" …
|
CWE-79
Cross-site Scripting
|
CVE-2020-7317
|
2024-11-21 14:37 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200293
|
8.8 |
HIGH
Local
|
mcafee
|
total_protection
|
Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via…
|
CWE-269
Improper Privilege Management
|
CVE-2020-7330
|
2024-11-21 14:37 |
2020-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200294
|
6.8 |
MEDIUM
Physics
|
siemens
|
dca_vantage_analyzer_firmware
|
A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-20…
|
-
|
CVE-2020-7590
|
2024-11-21 14:37 |
2020-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200295
|
7.3 |
HIGH
Network
|
mathjs
|
mathjs
|
The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7743
|
2024-11-21 14:37 |
2020-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200296
|
7.8 |
HIGH
Local
|
samsung
|
update
|
Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-proces…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-7811
|
2024-11-21 14:37 |
2020-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200297
|
7.8 |
HIGH
Local
|
mcafee
|
file_and_removable_media_protection
|
Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a c…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-7316
|
2024-11-21 14:37 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200298
|
7.5 |
HIGH
Network
|
simpl-schema_project
|
simpl-schema
|
This affects the package simpl-schema before 1.10.2.
|
NVD-CWE-noinfo
|
CVE-2020-7742
|
2024-11-21 14:37 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200299
|
8.2 |
HIGH
Network
|
node-pdf-generator_project
|
node-pdf-generator
|
This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft…
|
CWE-20
CWE-918
Improper Input Validation
Server-Side Request Forgery (SSRF)
|
CVE-2020-7740
|
2024-11-21 14:37 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200300
|
9.9 |
CRITICAL
Network
|
hello.js_project
|
hello.js
|
This affects the package hellojs before 1.18.6. The code get the param oauth_redirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloa…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7741
|
2024-11-21 14:37 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
