|
198931
|
9.8 |
CRITICAL
Network
|
vbulletin
|
vbulletin
|
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete …
|
CWE-94
Code Injection
|
CVE-2020-7373
|
2024-11-21 14:37 |
2020-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198932
|
7.5 |
HIGH
Network
|
codemirror
oracle
|
codemirror
application_express
essbase
enterprise_manager_express_user_interface
hyperion_data_relationship_management
spatial_studio
|
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/Code…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-7760
|
2024-11-21 14:37 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198933
|
7.2 |
HIGH
Network
|
pimcore
|
pimcore
|
The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a speci…
|
CWE-89
SQL Injection
|
CVE-2020-7759
|
2024-11-21 14:37 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198934
|
7.8 |
HIGH
Local
|
rapid7
|
metasploit
|
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
|
CWE-77
Command Injection
|
CVE-2020-7384
|
2024-11-21 14:37 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198935
|
9.8 |
CRITICAL
Network
|
chartjs
|
chart.js
|
This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) ar…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7746
|
2024-11-21 14:37 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198936
|
7.5 |
HIGH
Network
|
dat.gui_project
|
dat.gui
|
All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-7755
|
2024-11-21 14:37 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198937
|
7.5 |
HIGH
Network
|
npmjs
|
npm-user-validate
|
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.
|
NVD-CWE-noinfo
|
CVE-2020-7754
|
2024-11-21 14:37 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198938
|
7.5 |
HIGH
Network
|
trim_project
|
trim
|
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-7753
|
2024-11-21 14:37 |
2020-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198939
|
8.8 |
HIGH
Network
|
systeminformation
|
systeminformation
|
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execu…
|
CWE-78
OS Command
|
CVE-2020-7752
|
2024-11-21 14:37 |
2020-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198940
|
7.2 |
HIGH
Network
|
chaijis
|
pathval
|
pathval before version 1.1.1 is vulnerable to prototype pollution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7751
|
2024-11-21 14:37 |
2020-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
