Total
3873 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7784 | 1 Ts-process-promises Project | 1 Ts-process-promises | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js. The vulnerability is demonstrated with the following PoC: | |||||
CVE-2020-7782 | 1 Spritesheet-js Project | 1 Spritesheet-js | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
This affects all versions of package spritesheet-js. It depends on a vulnerable package platform-command. The injection point is located in line 32 in lib/generator.js, which is triggered by main entry of the package. | |||||
CVE-2020-7781 | 1 Connection-tester Project | 1 Connection-tester | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability: | |||||
CVE-2020-7778 | 1 Systeminformation | 1 Systeminformation | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands. | |||||
CVE-2020-7775 | 1 Freediskspace Project | 1 Freediskproject | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js. | |||||
CVE-2020-7752 | 1 Systeminformation | 1 Systeminformation | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite JavaScript files and then execute any OS commands. | |||||
CVE-2020-7735 | 1 Ng-packagr Project | 1 Ng-packagr | 2024-11-21 | 6.5 MEDIUM | 6.6 MEDIUM |
The package ng-packagr before 10.1.1 is vulnerable to Command Injection via the styleIncludePaths option. | |||||
CVE-2020-7730 | 1 Bestzip Project | 1 Bestzip | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The package bestzip before 2.1.7 is vulnerable to Command Injection via the options param. | |||||
CVE-2020-7712 | 2 Joyent, Oracle | 5 Json, Commerce Guided Search, Financial Services Crime And Compliance Management Studio and 2 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function. | |||||
CVE-2020-7698 | 1 Gerapy | 1 Gerapy | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn’t being sanitized. | |||||
CVE-2020-7688 | 1 Mversion Project | 1 Mversion | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
The issue occurs because tagName user input is formatted inside the exec function and is executed without any checks. | |||||
CVE-2020-7646 | 1 Curlrequest Project | 1 Curlrequest | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input. | |||||
CVE-2020-7645 | 1 Google | 1 Chrome-launcher | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems. | |||||
CVE-2020-7640 | 1 Pixlcore | 1 Pixl-class | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization. | |||||
CVE-2020-7636 | 1 Adb-driver Project | 1 Adb-driver | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
adb-driver through 0.1.8 is vulnerable to Command Injection. It allows execution of arbitrary commands via the command function. | |||||
CVE-2020-7635 | 1 Compass-compile Project | 1 Compass-compile | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
compass-compile through 0.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | |||||
CVE-2020-7634 | 1 Heroku-addonpool Project | 1 Heroku-addonpool | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
heroku-addonpool through 0.1.15 is vulnerable to Command Injection. | |||||
CVE-2020-7633 | 1 Apiconnect-cli-plugins Project | 1 Apiconnect-cli-plugins | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument. | |||||
CVE-2020-7632 | 1 Node-mpv Project | 1 Node-mpv | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | |||||
CVE-2020-7631 | 1 Diskusage-ng Project | 1 Diskusage-ng | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
diskusage-ng through 0.2.4 is vulnerable to Command Injection. It allows execution of arbitrary commands via the path argument. |