Search Results (42196 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7715 | 1 Deep-get-set Project | 1 Deep-get-set | 2024-11-21 | 9.8 Critical |
| All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function. | ||||
| CVE-2020-7714 | 1 Realseriousgames | 1 Confucious | 2024-11-21 | 9.8 Critical |
| All versions of package confucious are vulnerable to Prototype Pollution via the set function. | ||||
| CVE-2020-7713 | 1 Arr-flatten-unflatten Project | 1 Arr-flatten-unflatten | 2024-11-21 | 9.8 Critical |
| All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor. | ||||
| CVE-2020-7708 | 1 Irrelon | 2 @irrelon/path, Irrelon-path | 2024-11-21 | 9.8 Critical |
| The packages irrelon-path before 4.7.0 and @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. | ||||
| CVE-2020-7707 | 1 Property-expr Project | 1 Property-expr | 2024-11-21 | 9.8 Critical |
| The package property-expr before 2.0.3 is vulnerable to Prototype Pollution via the setter function. | ||||
| CVE-2020-7706 | 1 Connie-lang Project | 1 Connie-lang | 2024-11-21 | 9.8 Critical |
| The package connie-lang before 0.1.1 is vulnerable to Prototype Pollution in the configuration language library used by connie. | ||||
| CVE-2020-7705 | 1 Mintegral | 1 Mintegraladsdk | 2024-11-21 | 7.1 High |
| This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the UIApplication, openURL, SKStoreProductViewController, loadProductWithParameters and NSURLProtocol methods along with anti-debug and proxy detection protection. If those hooks are active MintegralAdSDK sends obfuscated data about every opened URL in an application to their servers. Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads. | ||||
| CVE-2020-7704 | 1 Linux-cmdline Project | 1 Linux-cmdline | 2024-11-21 | 9.8 Critical |
| The package linux-cmdline before 1.0.1 is vulnerable to Prototype Pollution via the constructor. | ||||
| CVE-2020-7703 | 1 Nis-utils Project | 1 Nis-utils | 2024-11-21 | 9.8 Critical |
| All versions of package nis-utils are vulnerable to Prototype Pollution via the setValue function. | ||||
| CVE-2020-7702 | 1 Templ8 Project | 1 Templ8 | 2024-11-21 | 9.8 Critical |
| All versions of package templ8 are vulnerable to Prototype Pollution via the parse function. | ||||
| CVE-2020-7701 | 1 Springtree | 1 Madlib-object-utils | 2024-11-21 | 9.8 Critical |
| madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue. | ||||
| CVE-2020-7700 | 1 Php.js Project | 1 Php.js | 2024-11-21 | 9.8 Critical |
| All versions of phpjs are vulnerable to Prototype Pollution via parse_str. | ||||
| CVE-2020-7699 | 2 Express-fileupload Project, Netapp | 2 Express-fileupload, Max Data | 2024-11-21 | 7.5 High |
| This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution. | ||||
| CVE-2020-7694 | 1 Encode | 1 Uvicorn | 2024-11-21 | 3.7 Low |
| This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ANSI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request crafted URLs with percent-encoded escape sequences, the logging component will log the URL after it's been processed with urllib.parse.unquote, therefore converting any percent-encoded characters into their single-character equivalent, which can have special meaning in terminal emulators. By requesting URLs with crafted paths, attackers can: (1) pollute uvicorn's access logs, therefore jeopardising the integrity of such files; (2) use ANSI sequence codes to attempt to interact with the terminal emulator that's displaying the logs (either in real time or from a file). | ||||
| CVE-2020-7689 | 1 Node.bcrypt.js Project | 1 Node.bcrypt.js | 2024-11-21 | 5.9 Medium |
| Data is truncated incorrectly when its length is greater than 255 bytes. | ||||
| CVE-2020-7685 | 1 Umbraco | 1 Umbraco Forms | 2024-11-21 | 5.4 Medium |
| This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies. | ||||
| CVE-2020-7679 | 1 Casperjs | 1 Casperjs | 2024-11-21 | 7.3 High |
| In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution. | ||||
| CVE-2020-7663 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Satellite and 2 more | 2024-11-21 | 7.5 High |
| websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header. | ||||
| CVE-2020-7644 | 1 Fun-map Project | 1 Fun-map | 2024-11-21 | 8.1 High |
| fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | ||||
| CVE-2020-7643 | 1 Idea | 1 Paypal-adaptive | 2024-11-21 | 5.3 Medium |
| paypal-adaptive through 0.4.2 allows manipulation of JavaScript objects, resulting in Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | ||||