|
199001
|
7.8 |
HIGH
Local
|
rapid7
|
nexpose
|
In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This …
|
CWE-94
Code Injection
|
CVE-2020-7381
|
2024-11-21 14:37 |
2020-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199002
|
7.1 |
HIGH
Network
|
gruntjs
debian
canonical
|
grunt
debian_linux
ubuntu_linux
|
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside gr…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2020-7729
|
2024-11-21 14:37 |
2020-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199003
|
7.8 |
HIGH
Local
|
raonwiz
|
raon_kupload
|
RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability that could allow remote files to be downloaded by lack of validation. Vulnerabilities in downloading with Kupload agent allow files …
|
CWE-20
Improper Input Validation
|
CVE-2020-7830
|
2024-11-21 14:37 |
2020-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199004
|
7.5 |
HIGH
Network
|
u-root
|
u-root
|
This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction.
|
CWE-22
Path Traversal
|
CVE-2020-7669
|
2024-11-21 14:37 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199005
|
7.5 |
HIGH
Network
|
u-root
|
u-root
|
This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path travers…
|
CWE-22
Path Traversal
|
CVE-2020-7666
|
2024-11-21 14:37 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199006
|
7.5 |
HIGH
Network
|
u-root
|
u-root
|
This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction.
|
CWE-22
Path Traversal
|
CVE-2020-7665
|
2024-11-21 14:37 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199007
|
9.8 |
CRITICAL
Network
|
gedi_project
|
gedi
|
All versions of package gedi are vulnerable to Prototype Pollution via the set function.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7727
|
2024-11-21 14:37 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199008
|
9.8 |
CRITICAL
Network
|
safe-object2_project
|
safe-object2
|
All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7726
|
2024-11-21 14:37 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199009
|
9.8 |
CRITICAL
Network
|
guidesmiths
|
worksmith
|
All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7725
|
2024-11-21 14:37 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199010
|
9.8 |
CRITICAL
Network
|
tiny-conf_project
|
tiny-conf
|
All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7724
|
2024-11-21 14:37 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
