|
197741
|
6.5 |
MEDIUM
Network
|
fastify
|
fastify
|
A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted sche…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-8192
|
2024-11-21 14:38 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197742
|
8.8 |
HIGH
Network
|
citrix
|
workspace
|
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running.
|
CWE-287
Improper Authentication
|
CVE-2020-8207
|
2024-11-21 14:38 |
2020-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197743
|
5.5 |
MEDIUM
Local
|
jpeg-js_project
|
jpeg-js
|
Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow attacker to launch denial of service attacks using specially a crafted JPEG image.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-8175
|
2024-11-21 14:38 |
2020-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197744
|
8.1 |
HIGH
Network
|
nodejs
oracle
netapp
|
node.js
banking_extensibility_workbench
retail_xstore_point_of_service
mysql_cluster
blockchain_platform
snapcenter
oncommand_workflow_automation
oncommand_insight
active_iq_u…
|
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2020-8174
|
2024-11-21 14:38 |
2020-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197745
|
7.8 |
HIGH
Local
|
lenovo
|
drivers_management
|
An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-8326
|
2024-11-21 14:38 |
2020-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197746
|
7.8 |
HIGH
Local
|
lenovo
|
drivers_management
|
A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.
|
CWE-426
Untrusted Search Path
|
CVE-2020-8317
|
2024-11-21 14:38 |
2020-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197747
|
7.5 |
HIGH
Network
|
servey_project
|
servey
|
A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file.
|
CWE-22
Path Traversal
|
CVE-2020-8214
|
2024-11-21 14:38 |
2020-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197748
|
8.8 |
HIGH
Network
|
automattic
|
canvas
|
A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-8215
|
2024-11-21 14:38 |
2020-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197749
|
7.5 |
HIGH
Network
|
transloadit
|
uppy
|
The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interac…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-8205
|
2024-11-21 14:38 |
2020-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197750
|
9.8 |
CRITICAL
Network
|
jison_project
|
jison
|
Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.
|
CWE-78
OS Command
|
CVE-2020-8178
|
2024-11-21 14:38 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
