|
199151
|
9.8 |
CRITICAL
Network
|
node-extend_project
|
node-extend
|
node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument `A` of `extend` function`(A,B,as,isAargs)` located within `lib/extend.js` is executed by the `…
|
CWE-94
Code Injection
|
CVE-2020-7673
|
2024-11-21 14:37 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199152
|
7.8 |
HIGH
Local
|
siemens
|
simatic_pcs_7
simatic_step_7
sinamics_starter
simatic_process_device_manager
|
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All version…
|
-
|
CVE-2020-7586
|
2024-11-21 14:37 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199153
|
7.8 |
HIGH
Local
|
siemens
|
simatic_pcs_7
simatic_step_7
sinamics_starter
simatic_process_device_manager
|
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All version…
|
-
|
CVE-2020-7585
|
2024-11-21 14:37 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199154
|
6.7 |
MEDIUM
Local
|
siemens
|
simatic_pcs_7
simatic_wincc
simatic_wincc_runtime_advanced
sinema_server
simatic_net_pc
simatic_prosave
simatic_pcs_neo
simatic_automatic_tool
simatic_step_7
simatic_wincc_…
|
A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIM…
|
-
|
CVE-2020-7580
|
2024-11-21 14:37 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199155
|
8.6 |
HIGH
Network
|
mosc_project
|
mosc
|
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to `properties` argument is executed by the `eval` function, resulting in code execution.
|
CWE-94
Code Injection
|
CVE-2020-7672
|
2024-11-21 14:37 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199156
|
7.5 |
HIGH
Network
|
goliath_project
|
goliath
|
goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sendi…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-7671
|
2024-11-21 14:37 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199157
|
7.5 |
HIGH
Network
|
ohler
|
agoo
|
agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. HTTP pipelining issues and request smuggling attacks might be possibl…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-7670
|
2024-11-21 14:37 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199158
|
6.8 |
MEDIUM
Physics
|
freebsd
netapp
|
freebsd
clustered_data_ontap
|
In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-7456
|
2024-11-21 14:37 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199159
|
5.4 |
MEDIUM
Network
|
angularjs
|
angular.js
|
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes par…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7676
|
2024-11-21 14:37 |
2020-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199160
|
7.5 |
HIGH
Network
|
url-regex_project
|
url-regex
|
all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-7661
|
2024-11-21 14:37 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
