|
197701
|
9.8 |
CRITICAL
Network
|
sugarcrm
|
sugarcrm
|
An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenti…
|
CWE-94
CWE-20
Code Injection
Improper Input Validation
|
CVE-2020-7472
|
2024-11-21 14:37 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197702
|
9.8 |
CRITICAL
Network
|
json8_project
|
json8
|
This affects the package json8 before 1.0.3. The function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype po…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7770
|
2024-11-21 14:37 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197703
|
4.8 |
MEDIUM
Network
|
mcafee
|
endpoint_security
|
Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML vi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7333
|
2024-11-21 14:37 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197704
|
8.8 |
HIGH
Network
|
mcafee
|
endpoint_security
|
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to …
|
CWE-352
Origin Validation Error
|
CVE-2020-7332
|
2024-11-21 14:37 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197705
|
7.8 |
HIGH
Local
|
mcafee
|
endpoint_security
|
Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully craf…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-7331
|
2024-11-21 14:37 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197706
|
9.8 |
CRITICAL
Network
|
nodemailer
|
nodemailer
|
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.
|
CWE-88
Argument Injection
|
CVE-2020-7769
|
2024-11-21 14:37 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197707
|
9.8 |
CRITICAL
Network
|
grpc
|
grpc
|
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7768
|
2024-11-21 14:37 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197708
|
5.3 |
MEDIUM
Network
|
express-validators_project
|
express-validators
|
All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-7767
|
2024-11-21 14:37 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197709
|
7.2 |
HIGH
Network
|
mcafee
|
mvision_endpoint
|
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully co…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-7329
|
2024-11-21 14:37 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197710
|
7.2 |
HIGH
Network
|
mcafee
|
mvision_endpoint
|
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via impro…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-7328
|
2024-11-21 14:37 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
