|
202101
|
7.5 |
HIGH
Network
|
indo-mars
|
marscode
|
This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js.
|
CWE-22
Path Traversal
|
CVE-2020-7681
|
2024-11-21 14:37 |
2020-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202102
|
4.7 |
MEDIUM
Network
|
schneider-electric
|
software_update_utility
|
A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on th…
|
CWE-601
Open Redirect
|
CVE-2020-7520
|
2024-11-21 14:37 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202103
|
7.5 |
HIGH
Network
|
schneider-electric
|
easergy_builder
|
A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account.
|
CWE-521
Weak Password Requirements
|
CVE-2020-7519
|
2024-11-21 14:37 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202104
|
7.5 |
HIGH
Network
|
schneider-electric
|
easergy_builder
|
A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files.
|
CWE-20
Improper Input Validation
|
CVE-2020-7518
|
2024-11-21 14:37 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202105
|
5.5 |
MEDIUM
Local
|
schneider-electric
|
easergy_builder
|
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-7517
|
2024-11-21 14:37 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202106
|
7.8 |
HIGH
Local
|
schneider-electric
|
easergy_builder
|
A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials.
|
-
|
CVE-2020-7516
|
2024-11-21 14:37 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202107
|
7.8 |
HIGH
Local
|
schneider-electric
|
easergy_builder
|
A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password.
|
-
|
CVE-2020-7515
|
2024-11-21 14:37 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202108
|
7.8 |
HIGH
Local
|
schneider-electric
|
easergy_builder
|
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials f…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-7514
|
2024-11-21 14:37 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202109
|
7.5 |
HIGH
Network
|
schneider-electric
|
tricon_tcm_4351_firmware
tricon_tcm_4352_firmware
tricon_tcm_4351a_firmware
tricon_tcm_4351b_firmware
tricon_tcm_4352a_firmware
tricon_tcm_4352b_firmware
tristation_1131_firmware
|
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. T…
|
NVD-CWE-noinfo
|
CVE-2020-7491
|
2024-11-21 14:37 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202110
|
6.1 |
MEDIUM
Network
|
docsifyjs
|
docsify
|
docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of valid…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7680
|
2024-11-21 14:37 |
2020-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
