|
199071
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and …
|
CWE-416
Use After Free
|
CVE-2020-7827
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199072
|
9.8 |
CRITICAL
Network
|
express-fileupload_project
netapp
|
express-fileupload
max_data
|
This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7699
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199073
|
9.8 |
CRITICAL
Network
|
gerapy
|
gerapy
|
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn’t being sanitized.
|
CWE-78
OS Command
|
CVE-2020-7698
|
2024-11-21 14:37 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199074
|
9.8 |
CRITICAL
Network
|
mock2easy_project
|
mock2easy
|
This affects all versions of package mock2easy. a malicious user could inject commands through the _data variable: Affected Area require('../server/getJsonByCurl')(mock2easy, function (error, stdout)…
|
CWE-77
Command Injection
|
CVE-2020-7697
|
2024-11-21 14:37 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199075
|
7.5 |
HIGH
Network
|
umbraco
|
umbraco_forms
|
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2020-7685
|
2024-11-21 14:37 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199076
|
5.3 |
MEDIUM
Network
|
encode
|
uvicorn
|
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or …
|
CWE-74
Injection
|
CVE-2020-7695
|
2024-11-21 14:37 |
2020-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199077
|
7.5 |
HIGH
Network
|
encode
|
uvicorn
|
This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour …
|
CWE-94
CWE-116
Code Injection
Improper Encoding or Escaping of Output
|
CVE-2020-7694
|
2024-11-21 14:37 |
2020-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199078
|
7.5 |
HIGH
Network
|
fast-http_project
|
fast-http
|
This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js.
|
CWE-22
Path Traversal
|
CVE-2020-7687
|
2024-11-21 14:37 |
2020-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199079
|
7.5 |
HIGH
Network
|
rollup-plugin-dev-server_project
|
rollup-plugin-dev-server
|
This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function.
|
CWE-22
Path Traversal
|
CVE-2020-7686
|
2024-11-21 14:37 |
2020-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199080
|
7.5 |
HIGH
Network
|
rollup-plugin-server_project
|
rollup-plugin-server
|
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function.
|
CWE-22
Path Traversal
|
CVE-2020-7683
|
2024-11-21 14:37 |
2020-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
