|
198351
|
9.8 |
CRITICAL
Network
|
arr-flatten-unflatten_project
|
arr-flatten-unflatten
|
All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7713
|
2024-11-21 14:37 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198352
|
7.8 |
HIGH
Local
|
schneider-electric
|
somove
|
Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and s…
|
-
|
CVE-2020-7527
|
2024-11-21 14:37 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198353
|
8.8 |
HIGH
Network
|
apc
|
powerchute
|
Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event.
|
-
|
CVE-2020-7526
|
2024-11-21 14:37 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198354
|
7.5 |
HIGH
Network
|
schneider-electric
|
spacelynk_firmware
wiser_for_knx_firmware
|
Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a pas…
|
-
|
CVE-2020-7525
|
2024-11-21 14:37 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198355
|
7.5 |
HIGH
Network
|
schneider-electric
|
modicon_m218_firmware
|
Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending…
|
-
|
CVE-2020-7524
|
2024-11-21 14:37 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198356
|
7.8 |
HIGH
Local
|
schneider-electric
|
modbus_driver_suite
modbus_serial_driver
|
Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Ser…
|
-
|
CVE-2020-7523
|
2024-11-21 14:37 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198357
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
apc_easy_ups_online_software
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method …
|
-
|
CVE-2020-7522
|
2024-11-21 14:37 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198358
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
apc_easy_ups_online_software
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method …
|
-
|
CVE-2020-7521
|
2024-11-21 14:37 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198359
|
7.2 |
HIGH
Network
|
joyent
oracle
|
json
commerce_guided_search
timesten_in-memory_database
financial_services_regulatory_reporting_with_agilereporter
financial_services_crime_and_compliance_management_studio
|
This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.
|
CWE-78
OS Command
|
CVE-2020-7712
|
2024-11-21 14:37 |
2020-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198360
|
4.8 |
MEDIUM
Network
|
mcafee
|
application_and_change_control
|
Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the …
|
CWE-79
Cross-site Scripting
|
CVE-2020-7309
|
2024-11-21 14:37 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
