|
196251
|
7.8 |
HIGH
Local
|
hmtalk
|
daoffice dava\+ daview_indy
|
A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice software could allow an unauthenticated, remote attacker to cause arbitrary code execution on an affected device.…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-7816
|
2024-11-21 14:37 |
2020-06-30 |
|
|
|
|
196252
|
6.1 |
MEDIUM
Network
|
rapid7
|
metasploit
|
Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7355
|
2024-11-21 14:37 |
2020-06-26 |
|
|
|
|
196253
|
5.4 |
MEDIUM
Network
|
rapid7
|
metasploit
|
Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store …
|
CWE-79
Cross-site Scripting
|
CVE-2020-7354
|
2024-11-21 14:37 |
2020-06-26 |
|
|
|
|
196254
|
7.5 |
HIGH
Network
|
sas
|
go_rpm_utils
|
In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which lead…
|
CWE-22
Path Traversal
|
CVE-2020-7667
|
2024-11-21 14:37 |
2020-06-24 |
|
|
|
|
196255
|
7.5 |
HIGH
Network
|
compression_and_archive_extensions_tz_project
|
compression_and_archive_extensions_tz_project
|
In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker …
|
CWE-22
Path Traversal
|
CVE-2020-7668
|
2024-11-21 14:37 |
2020-06-24 |
|
|
|
|
196256
|
7.5 |
HIGH
Network
|
compression_and_archive_extensions_project
|
compression_and_archive_extensions_zip_project
|
In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker…
|
CWE-22
Path Traversal
|
CVE-2020-7664
|
2024-11-21 14:37 |
2020-06-24 |
|
|
|
|
196257
|
9.8 |
CRITICAL
Network
|
casperjs
|
casperjs
|
In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7679
|
2024-11-21 14:37 |
2020-06-19 |
|
|
|
|
196258
|
7.5 |
HIGH
Network
|
schneider-electric
|
easergy_t300_firmware
|
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-7513
|
2024-11-21 14:37 |
2020-06-17 |
|
|
|
|
196259
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
easergy_t300_firmware
|
A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the …
|
NVD-CWE-Other
|
CVE-2020-7512
|
2024-11-21 14:37 |
2020-06-17 |
|
|
|
|
196260
|
7.5 |
HIGH
Network
|
schneider-electric
|
easergy_t300_firmware
|
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-7511
|
2024-11-21 14:37 |
2020-06-17 |
|
|
|