Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367102 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7745 | 1 Mintegral | 1 Mintegraladsdk | 2024-11-21 | 7.1 High |
| This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device. | ||||
| CVE-2020-7744 | 2 Google, Mintegral | 2 Android, Mintegraladsdk | 2024-11-21 | 4.7 Medium |
| This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Docs links. 2. All apk downloads, either organic or not. Mintegral listens to download events in Android's download manager and detects if the downloaded file's url contains: a. google.com or comes from a Google app (the com.android.vending package) b. Ends with .apk for apk downloads In both cases, the module sends the captured data back to Mintegral's servers. Note that the malicious functionality keeps running even if the app is currently not in focus (running in the background). | ||||
| CVE-2020-7743 | 2 Mathjs, Redhat | 2 Mathjs, Ansible Tower | 2024-11-21 | 7.3 High |
| The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates. | ||||
| CVE-2020-7742 | 1 Simpl-schema Project | 1 Simpl-schema | 2024-11-21 | 7.5 High |
| This affects the package simpl-schema before 1.10.2. | ||||
| CVE-2020-7741 | 1 Hello.js Project | 1 Hello.js | 2024-11-21 | 9.9 Critical |
| This affects the package hellojs before 1.18.6. The code get the param oauth_redirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauth_redirect, such as javascript:alert(1). | ||||
| CVE-2020-7740 | 1 Node-pdf-generator Project | 1 Node-pdf-generator | 2024-11-21 | 8.2 High |
| This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack. | ||||
| CVE-2020-7739 | 1 Phantomjs-seo Project | 1 Phantomjs-seo | 2024-11-21 | 8.2 High |
| This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack. | ||||
| CVE-2020-7738 | 1 Shiba Project | 1 Shiba | 2024-11-21 | 8.3 High |
| All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad(). | ||||
| CVE-2020-7737 | 1 Safetydance Project | 1 Safetydance | 2024-11-21 | 7.3 High |
| All versions of package safetydance are vulnerable to Prototype Pollution via the set function. | ||||
| CVE-2020-7736 | 1 Bmoor Project | 1 Bmoor | 2024-11-21 | 7.3 High |
| The package bmoor before 0.8.12 are vulnerable to Prototype Pollution via the set function. | ||||
| CVE-2020-7735 | 1 Ng-packagr Project | 1 Ng-packagr | 2024-11-21 | 6.6 Medium |
| The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option. | ||||
| CVE-2020-7734 | 1 Arachnys | 1 Cabot | 2024-11-21 | 8.2 High |
| All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column. | ||||
| CVE-2020-7733 | 3 Oracle, Redhat, Ua-parser-js Project | 3 Communications Cloud Native Core Network Function Cloud Native Environment, Rhev Manager, Ua-parser-js | 2024-11-21 | 7.5 High |
| The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. | ||||
| CVE-2020-7731 | 1 Gosaml2 Project | 1 Gosaml2 | 2024-11-21 | 7.5 High |
| This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. | ||||
| CVE-2020-7730 | 1 Bestzip Project | 1 Bestzip | 2024-11-21 | 9.8 Critical |
| The package bestzip before 2.1.7 are vulnerable to Command Injection via the options param. | ||||
| CVE-2020-7729 | 3 Canonical, Debian, Gruntjs | 3 Ubuntu Linux, Debian Linux, Grunt | 2024-11-21 | 7.1 High |
| The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. | ||||
| CVE-2020-7727 | 1 Gedi Project | 1 Gedi | 2024-11-21 | 9.8 Critical |
| All versions of package gedi are vulnerable to Prototype Pollution via the set function. | ||||
| CVE-2020-7726 | 1 Safe-object2 Project | 1 Safe-object2 | 2024-11-21 | 9.8 Critical |
| All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function. | ||||
| CVE-2020-7725 | 1 Guidesmiths | 1 Worksmith | 2024-11-21 | 9.8 Critical |
| All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function. | ||||
| CVE-2020-7724 | 1 Tiny-conf Project | 1 Tiny-conf | 2024-11-21 | 9.8 Critical |
| All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function. | ||||