Export limit exceeded: 366988 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366988 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7626 | 1 Karma-mojo Project | 1 Karma-mojo | 2024-11-21 | 9.8 Critical |
| karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument. | ||||
| CVE-2020-7625 | 1 Op-browser Project | 1 Op-browser | 2024-11-21 | 9.8 Critical |
| op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function. | ||||
| CVE-2020-7624 | 1 Effect Project | 1 Effect | 2024-11-21 | 9.8 Critical |
| effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument. | ||||
| CVE-2020-7623 | 1 Jscover Project | 1 Jscover | 2024-11-21 | 9.8 Critical |
| jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument. | ||||
| CVE-2020-7622 | 1 Jooby | 1 Jooby | 2024-11-21 | 6.5 Medium |
| This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting. | ||||
| CVE-2020-7621 | 1 Ibm | 1 Strongloop Nginx Controller | 2024-11-21 | 9.8 Critical |
| strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function. | ||||
| CVE-2020-7620 | 1 Netease | 1 Pomelo-monitor | 2024-11-21 | 9.8 Critical |
| pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params. | ||||
| CVE-2020-7619 | 1 Get-git-data Project | 1 Get-git-data | 2024-11-21 | 9.8 Critical |
| get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data. | ||||
| CVE-2020-7618 | 1 Sds Project | 1 Sds | 2024-11-21 | 5.3 Medium |
| sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'. | ||||
| CVE-2020-7617 | 1 Ini-parser Project | 1 Ini-parser | 2024-11-21 | 4.4 Medium |
| ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload. | ||||
| CVE-2020-7616 | 1 Express-mock-middleware Project | 1 Express-mock-middleware | 2024-11-21 | 5.3 Medium |
| express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by `express-mock-middleware`. As such, this is considered to be a low risk. | ||||
| CVE-2020-7615 | 1 Fsa Project | 1 Fsa | 2024-11-21 | 7.8 High |
| fsa through 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand()', located within 'lib/rep.js#63' can be controlled by users without any sanitization to inject arbitrary commands. | ||||
| CVE-2020-7614 | 1 Npm-programmatic Project | 1 Npm-programmatic | 2024-11-21 | 9.8 Critical |
| npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly. | ||||
| CVE-2020-7613 | 1 Clamscan Project | 1 Clamscan | 2024-11-21 | 8.1 High |
| clamscan through 1.2.0 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the `_is_clamav_binary` function located within `Index.js`. It should be noted that this vulnerability requires a pre-requisite that a folder should be created with the same command that will be chained to execute. This lowers the risk of this issue. | ||||
| CVE-2020-7611 | 1 Objectcomputing | 1 Micronaut | 2024-11-21 | 9.8 Critical |
| All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client. | ||||
| CVE-2020-7610 | 1 Mongodb | 1 Bson | 2024-11-21 | 9.8 Critical |
| All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type. | ||||
| CVE-2020-7609 | 1 Node-rules Project | 1 Node-rules | 2024-11-21 | 9.8 Critical |
| node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization. | ||||
| CVE-2020-7608 | 2 Redhat, Yargs | 5 Enterprise Linux, Openshift Container Storage, Quay and 2 more | 2024-11-21 | 5.3 Medium |
| yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload. | ||||
| CVE-2020-7607 | 1 Gulp-styledocco Project | 1 Gulp-styledocco | 2024-11-21 | 9.8 Critical |
| gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument 'options' of the exports function in 'index.js' can be controlled by users without any sanitization. | ||||
| CVE-2020-7606 | 1 Docker-compose-remote-api Project | 1 Docker-compose-remote-api | 2024-11-21 | 9.8 Critical |
| docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization. | ||||