Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28472 PUBLISHED: 2021-01-19
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles, they will pollute the prototype on the application. This can be exploited further ...
CVE-2020-28477 PUBLISHED: 2021-01-19
This affects all versions of package immer.
CVE-2020-28478 PUBLISHED: 2021-01-19
This affects the package gsap before 3.6.0.
CVE-2021-22850 PUBLISHED: 2021-01-19
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.
CVE-2021-22851 PUBLISHED: 2021-01-19
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.