|
209021
|
9.8 |
CRITICAL
Network
|
deephas_project
|
deephas
|
Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-28271
|
2024-11-21 14:22 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209022
|
9.8 |
CRITICAL
Network
|
mjpclab
|
object-hierarchy-access
|
Prototype pollution vulnerability in 'object-hierarchy-access' versions 0.2.0 through 0.32.0 allows attacker to cause a denial of service and may lead to remote code execution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-28270
|
2024-11-21 14:22 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209023
|
9.8 |
CRITICAL
Network
|
exodus
|
field
|
Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-28269
|
2024-11-21 14:22 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209024
|
5.3 |
MEDIUM
Network
|
lettre
|
lettre
|
The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs.
|
NVD-CWE-noinfo
|
CVE-2020-28247
|
2024-11-21 14:22 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209025
|
5.4 |
MEDIUM
Network
|
dundas
|
dundas_bi
|
The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. occur.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28409
|
2024-11-21 14:22 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209026
|
5.4 |
MEDIUM
Network
|
dundas
|
dundas_bi
|
The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28408
|
2024-11-21 14:22 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209027
|
4.4 |
MEDIUM
Local
|
xen
fedoraproject
debian
|
xen
fedora
debian_linux
|
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Pl…
|
CWE-862
Missing Authorization
|
CVE-2020-28368
|
2024-11-21 14:22 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209028
|
7.8 |
HIGH
Local
|
tcl
|
32s330_firmware
40s330_firmware
43s434_firmware
50s434_firmware
55s434_firmware
65s434_firmware
75s434_firmware
|
A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-28055
|
2024-11-21 14:22 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209029
|
7.5 |
HIGH
Network
|
set_project
|
set
|
Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution.
|
NVD-CWE-noinfo
|
CVE-2020-28267
|
2024-11-21 14:22 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209030
|
8.8 |
HIGH
Adjacent
|
netgear
|
r6400v2_firmware
r6400_firmware
r7000p_firmware
xr300_firmware
r8000_firmware
r8300_firmware
r8500_firmware
r7300dst_firmware
r7850_firmware
r7900_firmware
rax20_firmwar…
|
upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28373
|
2024-11-21 14:22 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
