Total
5058 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7623 | 1 Jscover Project | 1 Jscover | 2024-11-21 | 9.8 Critical |
| jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument. | ||||
| CVE-2020-7621 | 1 Ibm | 1 Strongloop Nginx Controller | 2024-11-21 | 9.8 Critical |
| strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function. | ||||
| CVE-2020-7620 | 1 Netease | 1 Pomelo-monitor | 2024-11-21 | 9.8 Critical |
| pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params. | ||||
| CVE-2020-7619 | 1 Get-git-data Project | 1 Get-git-data | 2024-11-21 | 9.8 Critical |
| get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data. | ||||
| CVE-2020-7615 | 1 Fsa Project | 1 Fsa | 2024-11-21 | 7.8 High |
| fsa through 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand()', located within 'lib/rep.js#63' can be controlled by users without any sanitization to inject arbitrary commands. | ||||
| CVE-2020-7614 | 1 Npm-programmatic Project | 1 Npm-programmatic | 2024-11-21 | 9.8 Critical |
| npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly. | ||||
| CVE-2020-7613 | 1 Clamscan Project | 1 Clamscan | 2024-11-21 | 8.1 High |
| clamscan through 1.2.0 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the `_is_clamav_binary` function located within `Index.js`. It should be noted that this vulnerability requires a pre-requisite that a folder should be created with the same command that will be chained to execute. This lowers the risk of this issue. | ||||
| CVE-2020-7607 | 1 Gulp-styledocco Project | 1 Gulp-styledocco | 2024-11-21 | 9.8 Critical |
| gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument 'options' of the exports function in 'index.js' can be controlled by users without any sanitization. | ||||
| CVE-2020-7606 | 1 Docker-compose-remote-api Project | 1 Docker-compose-remote-api | 2024-11-21 | 9.8 Critical |
| docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization. | ||||
| CVE-2020-7605 | 1 Gulp-tape Project | 1 Gulp-tape | 2024-11-21 | 9.8 Critical |
| gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options. | ||||
| CVE-2020-7604 | 1 Pulverizr Project | 1 Pulverizr | 2024-11-21 | 9.8 Critical |
| pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command. | ||||
| CVE-2020-7603 | 1 Closure-compiler-stream Project | 1 Closure-compiler-stream | 2024-11-21 | 9.8 Critical |
| closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization. | ||||
| CVE-2020-7602 | 1 Node-prompt-here Project | 1 Node-prompt-here | 2024-11-21 | 9.8 Critical |
| node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand()" is called by "getDevices()" function in file "linux/manager.js", which is required by the "index. process.env.NM_CLI" in the file "linux/manager.js". This function is used to construct the argument of function "execSync()", which can be controlled by users without any sanitization. | ||||
| CVE-2020-7601 | 1 Gulp-scss-lint Project | 1 Gulp-scss-lint | 2024-11-21 | 9.8 Critical |
| gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options. | ||||
| CVE-2020-7597 | 1 Codecov | 1 Codecov | 2024-11-21 | 8.8 High |
| codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596. | ||||
| CVE-2020-7596 | 1 Codecov | 1 Nodejs Uploader | 2024-11-21 | 8.8 High |
| Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument. | ||||
| CVE-2020-7594 | 1 Multitech | 2 Conduit Mtcdt-lvw2-246a, Conduit Mtcdt-lvw2-246a Firmware | 2024-11-21 | 7.2 High |
| MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function. | ||||
| CVE-2020-7389 | 1 Sage | 2 Syracuse, X3 | 2024-11-21 | 5.5 Medium |
| Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configuration should not be deployed in production. | ||||
| CVE-2020-7361 | 1 Easycorp | 1 Zentao Pro | 2024-11-21 | 9.6 Critical |
| The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path', and those commands will run in an elevated SYSTEM context on the underlying Windows operating system. | ||||
| CVE-2020-7357 | 1 Cayintech | 11 Cms, Cms-20, Cms-20 Firmware and 8 more | 2024-11-21 | 9.6 Critical |
| Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5. | ||||