|
200221
|
9.8 |
CRITICAL
Network
|
jointjs
|
jointjs
|
The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the obje…
|
NVD-CWE-Other
|
CVE-2020-28480
|
2024-11-21 14:22 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200222
|
7.5 |
HIGH
Network
|
jointjs
|
jointjs
|
The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function.
|
NVD-CWE-noinfo
|
CVE-2020-28479
|
2024-11-21 14:22 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200223
|
7.5 |
HIGH
Network
|
greensock
|
greensock_animation_platform
|
This affects the package gsap before 3.6.0.
|
NVD-CWE-noinfo
|
CVE-2020-28478
|
2024-11-21 14:22 |
2021-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200224
|
7.5 |
HIGH
Network
|
immer_project
|
immer
|
This affects all versions of package immer.
|
NVD-CWE-noinfo
|
CVE-2020-28477
|
2024-11-21 14:22 |
2021-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200225
|
9.8 |
CRITICAL
Network
|
amazon
|
aws_shared_configuration_file_loader
aws_sdk_for_javascipt
|
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadS…
|
NVD-CWE-noinfo
|
CVE-2020-28472
|
2024-11-21 14:22 |
2021-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200226
|
6.1 |
MEDIUM
Network
|
scully
|
scully
|
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify() function and then written into the HTML page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28470
|
2024-11-21 14:22 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200227
|
6.8 |
MEDIUM
Network
|
bottlepy
debian
|
bottle
debian_linux
|
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), …
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-28473
|
2024-11-21 14:22 |
2021-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200228
|
5.5 |
MEDIUM
Local
|
siemens
|
opcenter_execution_core
|
A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3). The application contains an information leakage vulnerability in the handling of web client sess…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-28390
|
2024-11-21 14:22 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200229
|
7.8 |
HIGH
Local
|
siemens
|
solid_edge
|
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28386
|
2024-11-21 14:22 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200230
|
7.8 |
HIGH
Local
|
siemens
|
solid_edge
|
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28384
|
2024-11-21 14:22 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
