|
208841
|
9.8 |
CRITICAL
Network
|
merge_project
|
merge
|
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge.
|
NVD-CWE-noinfo
|
CVE-2020-28499
|
2024-11-21 14:22 |
2021-02-19 |
|
208842
|
7.5 |
HIGH
Network
|
fasterxml quarkus oracle
|
jackson-dataformats-binary quarkus weblogic_server
|
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lan…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-28491
|
2024-11-21 14:22 |
2021-02-19 |
|
208843
|
6.5 |
MEDIUM
Network
|
reportlab fedoraproject
|
reportlab fedora
|
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Step…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-28463
|
2024-11-21 14:22 |
2021-02-19 |
|
208844
|
7.5 |
HIGH
Network
|
three_project
|
three
|
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank (n) { var ret = "rgb(" for (var i = 0; i < n; i+…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-28496
|
2024-11-21 14:22 |
2021-02-19 |
|
208845
|
9.8 |
CRITICAL
Network
|
async-git_project
|
async-git
|
The package async-git before 1.13.2 is vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb')
|
CWE-78
OS Command
|
CVE-2020-28490
|
2024-11-21 14:22 |
2021-02-19 |
|
208846
|
7.2 |
HIGH
Network
|
microweber
|
microweber
|
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulner…
|
CWE-22
Path Traversal
|
CVE-2020-28337
|
2024-11-21 14:22 |
2021-02-16 |
|
208847
|
5.3 |
MEDIUM
Network
|
lodash oracle siemens
|
lodash primavera_unifier peoplesoft_enterprise_peopletools retail_customer_management_and_segmentation_foundation communications_services_gatekeeper enterprise_communications_broker
|
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
|
NVD-CWE-Other
|
CVE-2020-28500
|
2024-11-21 14:22 |
2021-02-15 |
|
208848
|
7.8 |
HIGH
Local
|
prusa3d
|
prusaslicer
|
A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28596
|
2024-11-21 14:22 |
2021-02-11 |
|
208849
|
7.8 |
HIGH
Local
|
prusa3d
|
prusaslicer
|
An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code ex…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28595
|
2024-11-21 14:22 |
2021-02-11 |
|
208850
|
5.5 |
MEDIUM
Local
|
siemens
|
jt2go teamcenter_visualization
|
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when p…
|
-
|
CVE-2020-28394
|
2024-11-21 14:22 |
2021-02-10 |
|