|
197061
|
4.3 |
MEDIUM
Network
|
yandex
|
yandex_browser
|
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browse…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-7369
|
2024-11-21 14:37 |
2020-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197062
|
4.3 |
MEDIUM
Network
|
ucweb
|
uc_browser
|
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browse…
|
NVD-CWE-Other
|
CVE-2020-7364
|
2024-11-21 14:37 |
2020-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197063
|
4.3 |
MEDIUM
Network
|
ucweb
|
uc_browser
|
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browse…
|
NVD-CWE-noinfo
|
CVE-2020-7363
|
2024-11-21 14:37 |
2020-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197064
|
7.6 |
HIGH
Network
|
osm-static-maps_project
|
osm-static-maps
|
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to injec…
|
CWE-79
CWE-74
Cross-site Scripting
Injection
|
CVE-2020-7749
|
2024-11-21 14:37 |
2020-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197065
|
8.1 |
HIGH
Network
|
ts.ed_project
|
ts.ed
|
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attac…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7748
|
2024-11-21 14:37 |
2020-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197066
|
6.3 |
MEDIUM
Network
|
lightning-viz
|
lightning
|
This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller.
|
CWE-79
Cross-site Scripting
|
CVE-2020-7747
|
2024-11-21 14:37 |
2020-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197067
|
7.1 |
HIGH
Network
|
mintegral
|
mintegraladsdk
|
This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can rem…
|
CWE-94
Code Injection
|
CVE-2020-7745
|
2024-11-21 14:37 |
2020-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197068
|
8.8 |
HIGH
Network
|
siemens
|
siport_mp
|
A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (…
|
-
|
CVE-2020-7591
|
2024-11-21 14:37 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197069
|
4.7 |
MEDIUM
Network
|
mintegral
|
mintegraladsdk
|
This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls e…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-7744
|
2024-11-21 14:37 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197070
|
6.7 |
MEDIUM
Local
|
mcafee
|
mvision_endpoint_detection_and_response
|
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Wind…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-7327
|
2024-11-21 14:37 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
