@aarconada/urserver (>=0.0.1 <=0.0.990), @alterior/core (>=0.0.1 <=2.0.0-b1) +183 more potentially affected by CVE-2020-7699 via express-fileupload (>=0.0.5 <=1.1.6)
express-fileupload NPM version =0.0.5, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.155, =1.0.0, =0.12.0, =0.0.2-90, =0.0.1-alpha.151, =0.0.1-alpha.44, =0.0.1, =1.0.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2020-7699 Source advisory: OSV:GHSA-9WCG-JRWF-8GG7...
fastapi-skywalking-middleware (>=0.1.0 <=0.2.0), fastapi-skywalking-trace (=0.0.1) +3 more potentially affected by CVE-2020-13921 via apache-skywalking (>=1.0.1 <=1.2.0)
apache-skywalking PYPI version =1.0.1, =0.1.0, =0.0.12, =0.1.1, =2024080701.0.0, =20250116003.0.0 Source cves: CVE-2020-13921 Source advisory: OSV:PYSEC-2020-342...
PT-2020-14196 · Coreos +3 · Etcd +3
Name of the Vulnerable Software and Affected Versions: etcd versions 3.3.0 through 3.3.22; etcd versions 3.4.0 through 3.4.9. Description: The etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint...
CVE-2020-5617
Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors...
@aoboxinda/budget (>=0.1.155 <=0.1.186), @excitare/entry-graphql (=0.0.1-alpha.151) +4 more potentially affected by CVE-2020-7699 via express-fileupload (>=1.0.0 <=1.1.1-alpha.3)
express-fileupload NPM version =1.0.0, =0.1.155, =0.0.1-alpha.151, =0.0.1-alpha.44, =1.1.0, =1.0.0, =1.0.4 Source cves: CVE-2020-7699 Source advisory: SNYK:JS-EXPRESSFILEUPLOAD-595969...
CVE-2020-4644
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...
jackson-databind: Lacks certain xbean-reflect/JNDI blocking
A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible because a Java object is not blocked from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabili...
IBM QRadar SIEM Carbon Black Response Cross-Site Scripting Vulnerability
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, etc. Carbon Black Response i...
Unspecified Vulnerability in Sylabs Singularity (CNVD-2020-52438)
Singularity is a Linux-based container platform for running standalone applications. A security vulnerability exists in Sylabs Singularity versions 3.0 through 3.5. An attacker can exploit the vulnerability to bypass ECL protection...
CVE-2020-14563
Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications component: WebGUI. Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
Unspecified Vulnerability in Oracle Primavera Portfolio Management (CNVD-2020-52050)
Primavera Portfolio Management is a software solution for advising, planning, controlling and strategically analyzing your portfolio. A security vulnerability exists in the Web Server component in Primavera Portfolio Management 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0, 19.0.0.0. An attacker could...
Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2020-44273)
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management, etc. Advanced Outbound Telephony is one of the tools used for outbound ca...
CVE-2020-14171
Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack...
0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +3019 more potentially affected by CVE-2020-4075 via electron (>=0.1.2 <=7.2.3)
electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =0.1.0, =0.11.5 and more Source cves: CVE-2020-4075 Source advisory: OSV:GHSA-F9MQ-JPH6-9MHM...
ai.databand.azkaban:azkaban-common (=3.18.0), ai.databand.azkaban:azkaban-exec-server (=3.18.0) +4554 more potentially affected by CVE-2019-2692 via mysql:mysql-connector-java (>=3.0.10 <=8.0.15)
mysql:mysql-connector-java MAVEN version =3.0.10, =0.1.0, =4.1.3, =0.0.13, =1.13.3, =Finchley.SR2.SR1, =1.0.0, =0.0.3, =0.0.5 - at.molindo:molindo-mysql-collations-lib =0.1.0 - bd.ac.seu.erp:model =0.0.2 and more Source cves: CVE-2019-2692 Source advisory: OSV:GHSA-JCQ3-CPRP-M333...
rubygems: Escape sequence injection vulnerability in gem owner
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...
PuTTY Information Disclosure Vulnerability
PuTTY is a suite of free Telnet, Rlogin and SSH client software from Simon Tatham Software Developers. The software is primarily used for remote administration of Linux systems. A security vulnerability exists in PuTTY versions 0.68 through 0.73. An attacker could exploit the vulnerability to...
alignak-webui (>=0.11.1 <=0.12.2), candig-ingest (>=1.3.1 <=1.5.0) +7 more potentially affected by CVE-2013-7489 via beaker (>=1.10.0 <=1.13.0)
beaker PYPI version =1.10.0, =0.11.1, =1.3.1, =1.2.3, =0.1.0, =2025.1.0b3, =25.0.1, =1.0.0, =2025.1.0b3, =1.0.1, =1.0.5 Source cves: CVE-2013-7489 Source advisory: OSV:PYSEC-2020-216...
08cms (=1.0.0), 0card-images-helper (=1.0.2) +5078 more potentially affected by CVE-2020-7661 via url-regex (>=1.0.4 <=5.0.0)
url-regex NPM version =1.0.4, =1.0.3, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.0.1 - 3e =1.0.0 and more Source cves: CVE-2020-7661 Source advisory: OSV:GHSA-V4RH-8P82-6H5W...
CVE-2020-7492
A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded...