|
199021
|
7.8 |
HIGH
Local
|
mversion_project
|
mversion
|
The issue occurs because tagName user input is formatted inside the exec function is executed without any checks.
|
CWE-78
OS Command
|
CVE-2020-7688
|
2024-11-21 14:37 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199022
|
7.5 |
HIGH
Network
|
node.bcrypt.js_project
|
node.bcrypt.js
|
Data is truncated wrong when its length is greater than 255 bytes.
|
CWE-190
CWE-327
Integer Overflow or Wraparound
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-7689
|
2024-11-21 14:37 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199023
|
7.8 |
HIGH
Local
|
hmtalk
|
daoffice
dava\+
daview_indy
|
A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice softwares could allow an unauthenticated, remote attacker to cause an arbitrary code execution on an affected device.n…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-7816
|
2024-11-21 14:37 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199024
|
6.1 |
MEDIUM
Network
|
rapid7
|
metasploit
|
Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7355
|
2024-11-21 14:37 |
2020-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199025
|
5.4 |
MEDIUM
Network
|
rapid7
|
metasploit
|
Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store …
|
CWE-79
Cross-site Scripting
|
CVE-2020-7354
|
2024-11-21 14:37 |
2020-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199026
|
7.5 |
HIGH
Network
|
sas
|
go_rpm_utils
|
In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which lead…
|
CWE-22
Path Traversal
|
CVE-2020-7667
|
2024-11-21 14:37 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199027
|
7.5 |
HIGH
Network
|
compression_and_archive_extensions_tz_project
|
compression_and_archive_extensions_tz_project
|
In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker …
|
CWE-22
Path Traversal
|
CVE-2020-7668
|
2024-11-21 14:37 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199028
|
7.5 |
HIGH
Network
|
compression_and_archive_extensions_project
|
compression_and_archive_extensions_zip_project
|
In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker…
|
CWE-22
Path Traversal
|
CVE-2020-7664
|
2024-11-21 14:37 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199029
|
9.8 |
CRITICAL
Network
|
casperjs
|
casperjs
|
In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7679
|
2024-11-21 14:37 |
2020-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199030
|
7.5 |
HIGH
Network
|
schneider-electric
|
easergy_t300_firmware
|
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-7513
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
