|
196291
|
5.4 |
MEDIUM
Network
|
angularjs
|
angular.js
|
angular.js prior to 1.8.0 allows cross-site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized code. Wrapping "<option>" elements in "<select>" ones changes par…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7676
|
2024-11-21 14:37 |
2020-06-8 |
|
196292
|
7.5 |
HIGH
Network
|
url-regex_project
|
url-regex
|
All versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-7661
|
2024-11-21 14:37 |
2020-06-5 |
|
196293
|
7.5 |
HIGH
Network
|
websocket-extensions_project debian canonical
|
websocket-extensions debian_linux ubuntu_linux
|
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string…
|
NVD-CWE-Other
|
CVE-2020-7663
|
2024-11-21 14:37 |
2020-06-3 |
|
196294
|
7.5 |
HIGH
Network
|
websocket-extensions_project
|
websocket-extensions
|
websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string …
|
NVD-CWE-Other
|
CVE-2020-7662
|
2024-11-21 14:37 |
2020-06-3 |
|
196295
|
8.1 |
HIGH
Network
|
verizon
|
serialize-javascript
|
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-7660
|
2024-11-21 14:37 |
2020-06-2 |
|
196296
|
7.5 |
HIGH
Network
|
celluloid
|
reel
|
reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Conte…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-7659
|
2024-11-21 14:37 |
2020-06-1 |
|
196297
|
7.5 |
HIGH
Network
|
synk
|
broker
|
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-7654
|
2024-11-21 14:37 |
2020-05-30 |
|
196298
|
6.5 |
MEDIUM
Network
|
synk
|
broker
|
All versions of snyk-broker after and including 4.72.0 and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files…
|
CWE-22
Path Traversal
|
CVE-2020-7650
|
2024-11-21 14:37 |
2020-05-30 |
|
196299
|
6.5 |
MEDIUM
Network
|
synk
|
broker
|
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragme…
|
CWE-22
Path Traversal
|
CVE-2020-7648
|
2024-11-21 14:37 |
2020-05-30 |
|
196300
|
6.5 |
MEDIUM
Network
|
synk
|
broker
|
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelis…
|
CWE-59
Link Following
|
CVE-2020-7653
|
2024-11-21 14:37 |
2020-05-30 |