This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators.
NVD-CWE-Other
CVE-2020-28503
The package copy-props before 2.0.5 are vulnerable to Prototype Pollution via the main functionality.
CVE-2020-28442
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function.
CVE-2020-28449
This affects all versions of package decal. The vulnerability is in the set function.
CVE-2020-28450
This affects all versions of package decal. The vulnerability is in the extend function.
CVE-2020-28331
Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots.