|
197911
|
7.5 |
HIGH
Network
|
compression_and_archive_extensions_project
|
compression_and_archive_extensions_zip_project
|
In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker…
|
CWE-22
Path Traversal
|
CVE-2020-7664
|
2024-11-21 14:37 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197912
|
9.8 |
CRITICAL
Network
|
casperjs
|
casperjs
|
In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7679
|
2024-11-21 14:37 |
2020-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197913
|
7.5 |
HIGH
Network
|
schneider-electric
|
easergy_t300_firmware
|
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-7513
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197914
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
easergy_t300_firmware
|
A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the …
|
NVD-CWE-Other
|
CVE-2020-7512
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197915
|
7.5 |
HIGH
Network
|
schneider-electric
|
easergy_t300_firmware
|
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-7511
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197916
|
7.5 |
HIGH
Network
|
schneider-electric
|
easergy_t300_firmware
|
A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys.
|
CWE-200
Information Exposure
|
CVE-2020-7510
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197917
|
7.2 |
HIGH
Network
|
schneider-electric
|
easergy_t300_firmware
|
A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files.
|
CWE-269
Improper Privilege Management
|
CVE-2020-7509
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197918
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
easergy_t300_firmware
|
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute …
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-7508
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197919
|
7.5 |
HIGH
Network
|
schneider-electric
|
easergy_t300_firmware
|
A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of ser…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-7507
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197920
|
7.5 |
HIGH
Network
|
schneider-electric
|
easergy_t300_firmware
|
A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and m…
|
-
|
CVE-2020-7506
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
