Total
3873 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7630 | 1 Git-add-remote Project | 1 Git-add-remote | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument. | |||||
| CVE-2020-7629 | 1 Install-package Project | 1 Install-package | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | |||||
| CVE-2020-7628 | 2 Install-package Project, Umount Project | 2 Install-package, Umount | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization. | |||||
| CVE-2020-7627 | 1 Node-key-sender Project | 1 Node-key-sender | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute()' function. | |||||
| CVE-2020-7626 | 1 Karma-mojo Project | 1 Karma-mojo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument. | |||||
| CVE-2020-7625 | 1 Op-browser Project | 1 Op-browser | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function. | |||||
| CVE-2020-7624 | 1 Effect Project | 1 Effect | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument. | |||||
| CVE-2020-7623 | 1 Jscover Project | 1 Jscover | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument. | |||||
| CVE-2020-7621 | 1 Ibm | 1 Strongloop Nginx Controller | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function. | |||||
| CVE-2020-7620 | 1 Netease | 1 Pomelo-monitor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params. | |||||
| CVE-2020-7619 | 1 Get-git-data Project | 1 Get-git-data | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data. | |||||
| CVE-2020-7615 | 1 Fsa Project | 1 Fsa | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| fsa through 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand()', located within 'lib/rep.js#63' can be controlled by users without any sanitization to inject arbitrary commands. | |||||
| CVE-2020-7614 | 1 Npm-programmatic Project | 1 Npm-programmatic | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly. | |||||
| CVE-2020-7613 | 1 Clamscan Project | 1 Clamscan | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| clamscan through 1.2.0 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the `_is_clamav_binary` function located within `Index.js`. It should be noted that this vulnerability requires a pre-requisite that a folder should be created with the same command that will be chained to execute. This lowers the risk of this issue. | |||||
| CVE-2020-7607 | 1 Gulp-styledocco Project | 1 Gulp-styledocco | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument 'options' of the exports function in 'index.js' can be controlled by users without any sanitization. | |||||
| CVE-2020-7606 | 1 Docker-compose-remote-api Project | 1 Docker-compose-remote-api | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization. | |||||
| CVE-2020-7605 | 1 Gulp-tape Project | 1 Gulp-tape | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options. | |||||
| CVE-2020-7604 | 1 Pulverizr Project | 1 Pulverizr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command. | |||||
| CVE-2020-7603 | 1 Closure-compiler-stream Project | 1 Closure-compiler-stream | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization. | |||||
| CVE-2020-7602 | 1 Node-prompt-here Project | 1 Node-prompt-here | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand()" is called by "getDevices()" function in file "linux/manager.js", which is required by the "index. process.env.NM_CLI" in the file "linux/manager.js". This function is used to construct the argument of function "execSync()", which can be controlled by users without any sanitization. | |||||