Search Results (75849 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2020-7692 | Google, Redhat | Oauth Client Library For Java, Ocp Tools, Openshift | 2024-11-21 | 7.4 High | PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0. |
| CVE-2020-7688 | Mversion Project | Mversion | 2024-11-21 | 8.4 High | The issue occurs because tagName user input is formatted inside the exec function and executed without any checks. |
| CVE-2020-7687 | Fast-http Project | Fast-http | 2024-11-21 | 7.5 High | This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js. |
| CVE-2020-7686 | Rollup-plugin-dev-server Project | Rollup-plugin-dev-server | 2024-11-21 | 7.5 High | This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in the readFile operation inside the readFileFromContentBase function. |
| CVE-2020-7684 | Rollup-plugin-serve Project | Rollup-plugin-serve | 2024-11-21 | 7.5 High | This affects all versions of package rollup-plugin-serve. There is no path sanitization in the readFile operation. |
| CVE-2020-7683 | Rollup-plugin-server Project | Rollup-plugin-server | 2024-11-21 | 7.5 High | This affects all versions of package rollup-plugin-server. There is no path sanitization in the readFile operation performed inside the readFileFromContentBase function. |
| CVE-2020-7682 | Marked-tree Project | Marked-tree | 2024-11-21 | 7.5 High | This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js. |
| CVE-2020-7681 | Indo-mars | Marscode | 2024-11-21 | 7.5 High | This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js. |
| CVE-2020-7679 | Casperjs | Casperjs | 2024-11-21 | 7.3 High | In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution. |
| CVE-2020-7678 | Node-import Project | Node-import | 2024-11-21 | 8.6 High | This affects all versions of package node-import. The "params" argument of the module function can be controlled by users without any sanitization. This is then provided to the "eval" function located in line 79 in the index file "index.js". |
| CVE-2020-7677 | Debian, Fedoraproject, Thenify Project | Debian Linux, Fedora, Thenify | 2024-11-21 | 8.6 High | This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization. |
| CVE-2020-7672 | Mosc Project | Mosc | 2024-11-21 | 8.6 High | mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to the `properties` argument is executed by the `eval` function, resulting in code execution. |
| CVE-2020-7671 | Goliath Project | Goliath | 2024-11-21 | 7.5 High | goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy is also vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer-Encoding headers were found to be parsed as valid, which could be leveraged for TE:CL smuggling attacks. |
| CVE-2020-7670 | Ohler | Agoo | 2024-11-21 | 7.5 High | agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy is also vulnerable. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer-Encoding header parsing. It is possible to conduct HTTP request smuggling attacks where `agoo` is used as part of a chain of backend servers due to insufficient `Content-Length` and `Transfer-Encoding` parsing. |
| CVE-2020-7669 | U-root | U-root | 2024-11-21 | 7.5 High | This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction. |
| CVE-2020-7668 | Compression And Archive Extensions Tz Project | Compression And Archive Extensions Tz Project | 2024-11-21 | 7.5 High | In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. |
| CVE-2020-7667 | Sas | Go Rpm Utils | 2024-11-21 | 7.5 High | In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading "..", which leads to file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions, which were re-released. |
| CVE-2020-7666 | U-root | U-root | 2024-11-21 | 7.5 High | This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading and non-leading relative path traversal attacks and to symlink-based (relative and absolute) path traversal attacks in cpio file extraction. |
| CVE-2020-7665 | U-root | U-root | 2024-11-21 | 7.5 High | This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction. |
| CVE-2020-7664 | Compression And Archive Extensions Project | Compression And Archive Extensions Zip Project | 2024-11-21 | 7.5 High | In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. |