|
203071
|
7.3 |
HIGH
Network
|
mathjs
|
mathjs
|
The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7743
|
2024-11-21 14:37 |
2020-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203072
|
7.8 |
HIGH
Local
|
samsung
|
update
|
Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-proces…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-7811
|
2024-11-21 14:37 |
2020-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203073
|
7.8 |
HIGH
Local
|
mcafee
|
file_and_removable_media_protection
|
Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a c…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-7316
|
2024-11-21 14:37 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203074
|
7.5 |
HIGH
Network
|
simpl-schema_project
|
simpl-schema
|
This affects the package simpl-schema before 1.10.2.
|
NVD-CWE-noinfo
|
CVE-2020-7742
|
2024-11-21 14:37 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203075
|
8.2 |
HIGH
Network
|
node-pdf-generator_project
|
node-pdf-generator
|
This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft…
|
CWE-20
CWE-918
Improper Input Validation
Server-Side Request Forgery (SSRF)
|
CVE-2020-7740
|
2024-11-21 14:37 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203076
|
9.9 |
CRITICAL
Network
|
hello.js_project
|
hello.js
|
This affects the package hellojs before 1.18.6. The code get the param oauth_redirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloa…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7741
|
2024-11-21 14:37 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203077
|
8.2 |
HIGH
Network
|
phantomjs-seo_project
|
phantomjs-seo
|
This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-7739
|
2024-11-21 14:37 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203078
|
7.5 |
HIGH
Network
|
mpd_project
stormshield
|
mpd
stormshield_network_security
|
The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would …
|
CWE-125
Out-of-bounds Read
|
CVE-2020-7466
|
2024-11-21 14:37 |
2020-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203079
|
9.8 |
CRITICAL
Network
|
mpd_project
stormshield
|
mpd
stormshield_network_security
|
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of servi…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7465
|
2024-11-21 14:37 |
2020-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203080
|
8.3 |
HIGH
Network
|
shiba_project
|
shiba
|
All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().
|
NVD-CWE-noinfo
|
CVE-2020-7738
|
2024-11-21 14:37 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
