|
202071
|
9.8 |
CRITICAL
Network
|
pulverizr_project
|
pulverizr
|
pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct…
|
CWE-78
OS Command
|
CVE-2020-7604
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202072
|
9.8 |
CRITICAL
Network
|
closure-compiler-stream_project
|
closure-compiler-stream
|
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization.
|
CWE-78
OS Command
|
CVE-2020-7603
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202073
|
9.8 |
CRITICAL
Network
|
node-prompt-here_project
|
node-prompt-here
|
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand()" is called by "getDevices()" function in file "linux/manager.js", which is required by the "index. process.env…
|
CWE-78
OS Command
|
CVE-2020-7602
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202074
|
9.8 |
CRITICAL
Network
|
gulp-scss-lint_project
|
gulp-scss-lint
|
gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options.
|
CWE-78
OS Command
|
CVE-2020-7601
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202075
|
5.3 |
MEDIUM
Network
|
querymen_project
|
querymen
|
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7600
|
2024-11-21 14:37 |
2020-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202076
|
5.6 |
MEDIUM
Network
|
substack
opensuse
|
minimist
leap
|
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7598
|
2024-11-21 14:37 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202077
|
6.1 |
MEDIUM
Network
|
siemens
|
spectrum_power_5
|
A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a …
|
CWE-79
Cross-site Scripting
|
CVE-2020-7579
|
2024-11-21 14:37 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202078
|
7.5 |
HIGH
Network
|
jetbrains
|
scala
|
In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-7907
|
2024-11-21 14:37 |
2020-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202079
|
9.8 |
CRITICAL
Network
|
synacor
|
zimbra_collaboration_suite
|
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-7796
|
2024-11-21 14:37 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202080
|
9.8 |
CRITICAL
Network
|
freebsd
|
freebsd
|
In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7450
|
2024-11-21 14:37 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
