|
197631
|
9.8 |
CRITICAL
Network
|
buns_project
|
buns
|
This affects all versions of package buns. The injection point is located in line 678 in index file lib/index.js in the exported function install(requestedModule).
|
CWE-78
OS Command
|
CVE-2020-7794
|
2024-11-21 14:37 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197632
|
9.8 |
CRITICAL
Network
|
ts-process-promises_project
|
ts-process-promises
|
This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js. The vulnerability is demonstrated with the fol…
|
CWE-78
OS Command
|
CVE-2020-7784
|
2024-11-21 14:37 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197633
|
6.5 |
MEDIUM
Network
|
mcafee
|
network_security_management
|
Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network …
|
CWE-352
Origin Validation Error
|
CVE-2020-7336
|
2024-11-21 14:37 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197634
|
9.8 |
CRITICAL
Network
|
asciitable.js_project
|
asciitable.js
|
The package asciitable.js before 1.0.3 are vulnerable to Prototype Pollution via the main function.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7771
|
2024-11-21 14:37 |
2021-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197635
|
9.8 |
CRITICAL
Network
|
jiransecurity
|
spamsniper
|
Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerability caused by improper boundary checks when parsing MAIL FROM command. It leads remote attacker to execute arbitrary code via cr…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7845
|
2024-11-21 14:37 |
2020-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197636
|
8.8 |
HIGH
Network
|
onstove
|
stove
|
A arbitrary code execution vulnerability exists in the way that the Stove client improperly validates input value. An attacker could execute arbitrary code when the user access to crafted web page. T…
|
CWE-20
Improper Input Validation
|
CVE-2020-7838
|
2024-11-21 14:37 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197637
|
9.8 |
CRITICAL
Network
|
connection-tester_project
|
connection-tester
|
This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability:
|
CWE-78
OS Command
|
CVE-2020-7781
|
2024-11-21 14:37 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197638
|
8.8 |
HIGH
Network
|
polarisoffice
|
polaris_ml_report
|
An issue was discovered in ML Report Program. There is a stack-based buffer overflow in function sub_41EAF0 at MLReportDeamon.exe. The function will call vsprintf without checking the length of strin…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7837
|
2024-11-21 14:37 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197639
|
7.5 |
HIGH
Network
|
i18n_project
|
i18n
|
This affects the package i18n before 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs.
|
NVD-CWE-noinfo
|
CVE-2020-7791
|
2024-11-21 14:37 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197640
|
7.5 |
HIGH
Network
|
ua-parser-js_project
siemens
|
ua-parser-js
sinec_ins
|
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
|
NVD-CWE-Other
|
CVE-2020-7793
|
2024-11-21 14:37 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
