Vulnerabilities (CVE)

Filtered by CWE-78
Total 3873 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7784 1 Ts-process-promises Project 1 Ts-process-promises 2024-11-21 7.5 HIGH 9.8 CRITICAL
This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js. The vulnerability is demonstrated with the following PoC:
CVE-2020-7782 1 Spritesheet-js Project 1 Spritesheet-js 2024-11-21 7.5 HIGH 9.8 CRITICAL
This affects all versions of package spritesheet-js. It depends on a vulnerable package platform-command. The injection point is located in line 32 in lib/generator.js, which is triggered by main entry of the package.
CVE-2020-7781 1 Connection-tester Project 1 Connection-tester 2024-11-21 7.5 HIGH 9.8 CRITICAL
This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability:
CVE-2020-7778 1 Systeminformation 1 Systeminformation 2024-11-21 7.5 HIGH 7.3 HIGH
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
CVE-2020-7775 1 Freediskspace Project 1 Freediskproject 2024-11-21 7.5 HIGH 9.8 CRITICAL
This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js.
CVE-2020-7752 1 Systeminformation 1 Systeminformation 2024-11-21 6.5 MEDIUM 8.8 HIGH
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
CVE-2020-7735 1 Ng-packagr Project 1 Ng-packagr 2024-11-21 6.5 MEDIUM 6.6 MEDIUM
The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.
CVE-2020-7730 1 Bestzip Project 1 Bestzip 2024-11-21 7.5 HIGH 9.8 CRITICAL
The package bestzip before 2.1.7 are vulnerable to Command Injection via the options param.
CVE-2020-7712 2 Joyent, Oracle 5 Json, Commerce Guided Search, Financial Services Crime And Compliance Management Studio and 2 more 2024-11-21 6.5 MEDIUM 7.2 HIGH
This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.
CVE-2020-7698 1 Gerapy 1 Gerapy 2024-11-21 7.5 HIGH 8.1 HIGH
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn’t being sanitized.
CVE-2020-7688 1 Mversion Project 1 Mversion 2024-11-21 4.6 MEDIUM 8.4 HIGH
The issue occurs because tagName user input is formatted inside the exec function is executed without any checks.
CVE-2020-7646 1 Curlrequest Project 1 Curlrequest 2024-11-21 7.5 HIGH 9.8 CRITICAL
curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input.
CVE-2020-7645 1 Google 1 Chrome-launcher 2024-11-21 7.5 HIGH 9.8 CRITICAL
All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems.
CVE-2020-7640 1 Pixlcore 1 Pixl-class 2024-11-21 7.5 HIGH 9.8 CRITICAL
pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization.
CVE-2020-7636 1 Adb-driver Project 1 Adb-driver 2024-11-21 7.5 HIGH 9.8 CRITICAL
adb-driver through 0.1.8 is vulnerable to Command Injection.It allows execution of arbitrary commands via the command function.
CVE-2020-7635 1 Compass-compile Project 1 Compass-compile 2024-11-21 7.5 HIGH 9.8 CRITICAL
compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument.
CVE-2020-7634 1 Heroku-addonpool Project 1 Heroku-addonpool 2024-11-21 7.5 HIGH 9.8 CRITICAL
heroku-addonpool through 0.1.15 is vulnerable to Command Injection.
CVE-2020-7633 1 Apiconnect-cli-plugins Project 1 Apiconnect-cli-plugins 2024-11-21 7.5 HIGH 9.8 CRITICAL
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument.
CVE-2020-7632 1 Node-mpv Project 1 Node-mpv 2024-11-21 7.5 HIGH 9.8 CRITICAL
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.
CVE-2020-7631 1 Diskusage-ng Project 1 Diskusage-ng 2024-11-21 7.5 HIGH 9.8 CRITICAL
diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument.