|
202981
|
7.5 |
HIGH
Network
|
umbraco
|
umbraco_forms
|
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2020-7685
|
2024-11-21 14:37 |
2020-07-29 |
|
202982
|
5.3 |
MEDIUM
Network
|
encode
|
uvicorn
|
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or …
|
CWE-74
Injection
|
CVE-2020-7695
|
2024-11-21 14:37 |
2020-07-27 |
|
202983
|
7.5 |
HIGH
Network
|
encode
|
uvicorn
|
This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ANSI escape sequence injection. Whenever any HTTP request is received, the default behaviour …
|
CWE-94, CWE-116
Code Injection; Improper Encoding or Escaping of Output
|
CVE-2020-7694
|
2024-11-21 14:37 |
2020-07-27 |
|
202984
|
7.5 |
HIGH
Network
|
fast-http_project
|
fast-http
|
This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js.
|
CWE-22
Path Traversal
|
CVE-2020-7687
|
2024-11-21 14:37 |
2020-07-25 |
|
202985
|
7.5 |
HIGH
Network
|
rollup-plugin-dev-server_project
|
rollup-plugin-dev-server
|
This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function.
|
CWE-22
Path Traversal
|
CVE-2020-7686
|
2024-11-21 14:37 |
2020-07-25 |
|
202986
|
7.5 |
HIGH
Network
|
rollup-plugin-server_project
|
rollup-plugin-server
|
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function.
|
CWE-22
Path Traversal
|
CVE-2020-7683
|
2024-11-21 14:37 |
2020-07-25 |
|
202987
|
7.5 |
HIGH
Network
|
marked-tree_project
|
marked-tree
|
This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js.
|
CWE-22
Path Traversal
|
CVE-2020-7682
|
2024-11-21 14:37 |
2020-07-25 |
|
202988
|
7.5 |
HIGH
Network
|
indo-mars
|
marscode
|
This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js.
|
CWE-22
Path Traversal
|
CVE-2020-7681
|
2024-11-21 14:37 |
2020-07-25 |
|
202989
|
4.7 |
MEDIUM
Network
|
schneider-electric
|
software_update_utility
|
A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on th…
|
CWE-601
Open Redirect
|
CVE-2020-7520
|
2024-11-21 14:37 |
2020-07-24 |
|
202990
|
7.5 |
HIGH
Network
|
schneider-electric
|
easergy_builder
|
A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account.
|
CWE-521
Weak Password Requirements
|
CVE-2020-7519
|
2024-11-21 14:37 |
2020-07-24 |
|