|
198791
|
7.8 |
HIGH
Local
|
schneider-electric
|
easergy_builder
|
A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials.
|
-
|
CVE-2020-7516
|
2024-11-21 14:37 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198792
|
7.8 |
HIGH
Local
|
schneider-electric
|
easergy_builder
|
A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password.
|
-
|
CVE-2020-7515
|
2024-11-21 14:37 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198793
|
7.8 |
HIGH
Local
|
schneider-electric
|
easergy_builder
|
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials f…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-7514
|
2024-11-21 14:37 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198794
|
7.5 |
HIGH
Network
|
schneider-electric
|
tricon_tcm_4351_firmware
tricon_tcm_4352_firmware
tricon_tcm_4351a_firmware
tricon_tcm_4351b_firmware
tricon_tcm_4352a_firmware
tricon_tcm_4352b_firmware
tristation_1131_firmware
|
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. T…
|
NVD-CWE-noinfo
|
CVE-2020-7491
|
2024-11-21 14:37 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198795
|
6.1 |
MEDIUM
Network
|
docsifyjs
|
docsify
|
docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of valid…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7680
|
2024-11-21 14:37 |
2020-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198796
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7818
|
2024-11-21 14:37 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198797
|
9.8 |
CRITICAL
Network
|
eyesurfer
|
bflyinstallerx.ocx
|
EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leverag…
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2020-7826
|
2024-11-21 14:37 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198798
|
9.8 |
CRITICAL
Network
|
tobesoft
|
miplatform
|
A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. An attacker could execute arbitrary remote command by sending …
|
CWE-78
OS Command
|
CVE-2020-7825
|
2024-11-21 14:37 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198799
|
5.3 |
MEDIUM
Network
|
react-native-fast-image_project
|
react-native-fast-image
|
This affects all versions of package react-native-fast-image. When an image with source={{uri: "...", headers: { host: "somehost.com", authorization: "..." }} is loaded, all other subsequent images w…
|
CWE-200
Information Exposure
|
CVE-2020-7696
|
2024-11-21 14:37 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198800
|
9.8 |
CRITICAL
Network
|
rollup-plugin-serve_project
|
rollup-plugin-serve
|
This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation.
|
CWE-22
Path Traversal
|
CVE-2020-7684
|
2024-11-21 14:37 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
