|
201881
|
8.4 |
HIGH
Local
|
mcafee
|
total_protection
|
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.
|
NVD-CWE-noinfo
|
CVE-2020-7298
|
2024-11-21 14:37 |
2020-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201882
|
8.8 |
HIGH
Local
|
gog
|
galaxy
|
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with thi…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-7352
|
2024-11-21 14:37 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201883
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7823
|
2024-11-21 14:37 |
2020-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201884
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7822
|
2024-11-21 14:37 |
2020-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201885
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7829
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201886
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7828
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201887
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and …
|
CWE-416
Use After Free
|
CVE-2020-7827
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201888
|
9.8 |
CRITICAL
Network
|
express-fileupload_project
netapp
|
express-fileupload
max_data
|
This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7699
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201889
|
9.8 |
CRITICAL
Network
|
gerapy
|
gerapy
|
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn’t being sanitized.
|
CWE-78
OS Command
|
CVE-2020-7698
|
2024-11-21 14:37 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201890
|
9.8 |
CRITICAL
Network
|
mock2easy_project
|
mock2easy
|
This affects all versions of package mock2easy. a malicious user could inject commands through the _data variable: Affected Area require('../server/getJsonByCurl')(mock2easy, function (error, stdout)…
|
CWE-77
Command Injection
|
CVE-2020-7697
|
2024-11-21 14:37 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
