Total: 83419 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2020-7736 | 1 Bmoor Project | 1 Bmoor | 2024-11-21 | 7.5 HIGH | 7.3 HIGH | The package bmoor before 0.8.12 is vulnerable to Prototype Pollution via the set function. |
CVE-2020-7734 | 1 Arachnys | 1 Cabot | 2024-11-21 | 3.5 LOW | 8.2 HIGH | All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column. |
CVE-2020-7733 | 2 Oracle, Ua-parser-js Project | 2 Communications Cloud Native Core Network Function Cloud Native Environment, Ua-parser-js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. |
CVE-2020-7731 | 1 Gosaml2 Project | 1 Gosaml2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. |
CVE-2020-7729 | 2 Debian, Gruntjs | 2 Debian Linux, Grunt | 2024-11-21 | 4.6 MEDIUM | 7.1 HIGH | The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. |
CVE-2020-7712 | 2 Joyent, Oracle | 5 Json, Commerce Guided Search, Financial Services Crime And Compliance Management Studio and 2 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function. |
CVE-2020-7711 | 1 Goxmldsig Project | 1 Goxmldsig | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. |
CVE-2020-7710 | 1 Safe-eval Project | 1 Safe-eval | 2024-11-21 | 7.5 HIGH | 8.1 HIGH | This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine. |
CVE-2020-7705 | 1 Mintegral | 1 Mintegraladsdk | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH | This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the UIApplication, openURL, SKStoreProductViewController, loadProductWithParameters and NSURLProtocol methods, along with anti-debug and proxy detection protection. If those hooks are active, MintegralAdSDK sends obfuscated data about every opened URL in an application to their servers. Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads. |
CVE-2020-7699 | 2 Express-fileupload Project, Netapp | 2 Express-fileupload, Max Data | 2024-11-21 | 7.5 HIGH | 7.5 HIGH | This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution. |
CVE-2020-7698 | 1 Gerapy | 1 Gerapy | 2024-11-21 | 7.5 HIGH | 8.1 HIGH | This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, is not being sanitized. |
CVE-2020-7695 | 1 Encode | 1 Uvicorn | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers. |
CVE-2020-7692 | 1 Google | 1 Oauth Client Library For Java | 2024-11-21 | 6.4 MEDIUM | 7.4 HIGH | PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0. |
CVE-2020-7688 | 1 Mversion Project | 1 Mversion | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH | The issue occurs because the tagName user input is formatted inside the exec function and is executed without any checks. |
CVE-2020-7687 | 1 Fast-http Project | 1 Fast-http | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js. |
CVE-2020-7686 | 1 Rollup-plugin-dev-server Project | 1 Rollup-plugin-dev-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in the readFile operation inside the readFileFromContentBase function. |
CVE-2020-7684 | 1 Rollup-plugin-serve Project | 1 Rollup-plugin-serve | 2024-11-21 | 7.5 HIGH | 7.5 HIGH | This affects all versions of package rollup-plugin-serve. There is no path sanitization in the readFile operation. |
CVE-2020-7683 | 1 Rollup-plugin-server Project | 1 Rollup-plugin-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | This affects all versions of package rollup-plugin-server. There is no path sanitization in the readFile operation performed inside the readFileFromContentBase function. |
CVE-2020-7682 | 1 Marked-tree Project | 1 Marked-tree | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js. |
CVE-2020-7681 | 1 Indo-mars | 1 Marscode | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js. |