|
196151
|
9.8 |
CRITICAL
Network
|
nodemailer
|
nodemailer
|
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.
|
CWE-88
Argument Injection
|
CVE-2020-7769
|
2024-11-21 14:37 |
2020-11-12 |
|
|
|
|
196152
|
9.8 |
CRITICAL
Network
|
grpc
|
grpc
|
The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7768
|
2024-11-21 14:37 |
2020-11-11 |
|
|
|
|
196153
|
5.3 |
MEDIUM
Network
|
express-validators_project
|
express-validators
|
All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically crafted invalid URLs.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-7767
|
2024-11-21 14:37 |
2020-11-11 |
|
|
|
|
196154
|
7.2 |
HIGH
Network
|
mcafee
|
mvision_endpoint
|
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to trigger server-side DNS requests to arbitrary domains via carefully co…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-7329
|
2024-11-21 14:37 |
2020-11-11 |
|
|
|
|
196155
|
7.2 |
HIGH
Network
|
mcafee
|
mvision_endpoint
|
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via impro…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-7328
|
2024-11-21 14:37 |
2020-11-11 |
|
|
|
|
196156
|
9.8 |
CRITICAL
Network
|
json-ptr_project
|
json-ptr
|
This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true.…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7766
|
2024-11-21 14:37 |
2020-11-11 |
|
|
|
|
196157
|
7.5 |
HIGH
Network
|
find-my-way_project
|
find-my-way
|
This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the 'Accept-Version' header by default, and if versioned routes are not being used, this could lead to a deni…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-7764
|
2024-11-21 14:37 |
2020-11-9 |
|
|
|
|
196158
|
7.5 |
HIGH
Network
|
jsreport
|
phantom-html-to-pdf
|
This affects the package phantom-html-to-pdf before 0.6.1.
|
CWE-22
Path Traversal
|
CVE-2020-7763
|
2024-11-21 14:37 |
2020-11-5 |
|
|
|
|
196159
|
6.5 |
MEDIUM
Network
|
jsreport
|
jsreport-chrome-pdf
|
This affects the package jsreport-chrome-pdf before 1.10.0.
|
CWE-22
Path Traversal
|
CVE-2020-7762
|
2024-11-21 14:37 |
2020-11-5 |
|
|
|
|
196160
|
5.3 |
MEDIUM
Network
|
absolunet
|
kafe
|
This affects the package @absolunet/kafe before 3.2.10. It allows causing a denial of service when validating crafted invalid emails.
|
NVD-CWE-noinfo
|
CVE-2020-7761
|
2024-11-21 14:37 |
2020-11-5 |
|
|
|