|
199821
|
8.8 |
HIGH
Network
|
smartstore
|
smartstorenet
|
An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin accoun…
|
CWE-352
Origin Validation Error
|
CVE-2020-27997
|
2024-11-21 14:22 |
2021-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199822
|
9.8 |
CRITICAL
Network
|
merge_project
|
merge
|
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .
|
NVD-CWE-noinfo
|
CVE-2020-28499
|
2024-11-21 14:22 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199823
|
7.5 |
HIGH
Network
|
fasterxml
quarkus
oracle
|
jackson-dataformats-binary
quarkus
weblogic_server
|
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lan…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-28491
|
2024-11-21 14:22 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199824
|
6.5 |
MEDIUM
Network
|
reportlab
fedoraproject
|
reportlab
fedora
|
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Step…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-28463
|
2024-11-21 14:22 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199825
|
7.5 |
HIGH
Network
|
three_project
|
three
|
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank (n) { var ret = "rgb(" for (var i = 0; i < n; i+…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-28496
|
2024-11-21 14:22 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199826
|
9.8 |
CRITICAL
Network
|
async-git_project
|
async-git
|
The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb')
|
CWE-78
OS Command
|
CVE-2020-28490
|
2024-11-21 14:22 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199827
|
7.2 |
HIGH
Network
|
microweber
|
microweber
|
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulner…
|
CWE-22
Path Traversal
|
CVE-2020-28337
|
2024-11-21 14:22 |
2021-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199828
|
5.3 |
MEDIUM
Network
|
lodash
oracle
siemens
|
lodash
primavera_unifier
peoplesoft_enterprise_peopletools
retail_customer_management_and_segmentation_foundation
communications_services_gatekeeper
enterprise_communications_broker
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
|
NVD-CWE-Other
|
CVE-2020-28500
|
2024-11-21 14:22 |
2021-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
199829
|
7.8 |
HIGH
Local
|
prusa3d
|
prusaslicer
|
A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28596
|
2024-11-21 14:22 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199830
|
7.8 |
HIGH
Local
|
prusa3d
|
prusaslicer
|
An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code ex…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28595
|
2024-11-21 14:22 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
