Total
4541 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7778 | 1 Systeminformation | 1 Systeminformation | 2024-11-21 | 7.3 High |
| This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands. | ||||
| CVE-2020-7775 | 1 Freediskspace Project | 1 Freediskproject | 2024-11-21 | 9.8 Critical |
| This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js. | ||||
| CVE-2020-7752 | 1 Systeminformation | 1 Systeminformation | 2024-11-21 | 8.8 High |
| This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands. | ||||
| CVE-2020-7735 | 1 Ng-packagr Project | 1 Ng-packagr | 2024-11-21 | 6.6 Medium |
| The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option. | ||||
| CVE-2020-7730 | 1 Bestzip Project | 1 Bestzip | 2024-11-21 | 9.8 Critical |
| The package bestzip before 2.1.7 are vulnerable to Command Injection via the options param. | ||||
| CVE-2020-7712 | 2 Joyent, Oracle | 5 Json, Commerce Guided Search, Financial Services Crime And Compliance Management Studio and 2 more | 2024-11-21 | 7.2 High |
| This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function. | ||||
| CVE-2020-7698 | 1 Gerapy | 1 Gerapy | 2024-11-21 | 8.1 High |
| This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn’t being sanitized. | ||||
| CVE-2020-7688 | 1 Mversion Project | 1 Mversion | 2024-11-21 | 8.4 High |
| The issue occurs because tagName user input is formatted inside the exec function is executed without any checks. | ||||
| CVE-2020-7677 | 3 Debian, Fedoraproject, Thenify Project | 3 Debian Linux, Fedora, Thenify | 2024-11-21 | 8.6 High |
| This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization. | ||||
| CVE-2020-7646 | 1 Curlrequest Project | 1 Curlrequest | 2024-11-21 | 9.8 Critical |
| curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input. | ||||
| CVE-2020-7645 | 1 Google | 1 Chrome-launcher | 2024-11-21 | 9.8 Critical |
| All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems. | ||||
| CVE-2020-7640 | 1 Pixlcore | 1 Pixl-class | 2024-11-21 | 9.8 Critical |
| pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization. | ||||
| CVE-2020-7636 | 1 Adb-driver Project | 1 Adb-driver | 2024-11-21 | 9.8 Critical |
| adb-driver through 0.1.8 is vulnerable to Command Injection.It allows execution of arbitrary commands via the command function. | ||||
| CVE-2020-7635 | 1 Compass-compile Project | 1 Compass-compile | 2024-11-21 | 9.8 Critical |
| compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument. | ||||
| CVE-2020-7634 | 1 Heroku-addonpool Project | 1 Heroku-addonpool | 2024-11-21 | 9.8 Critical |
| heroku-addonpool through 0.1.15 is vulnerable to Command Injection. | ||||
| CVE-2020-7633 | 1 Apiconnect-cli-plugins Project | 1 Apiconnect-cli-plugins | 2024-11-21 | 9.8 Critical |
| apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument. | ||||
| CVE-2020-7632 | 1 Node-mpv Project | 1 Node-mpv | 2024-11-21 | 9.8 Critical |
| node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | ||||
| CVE-2020-7631 | 1 Diskusage-ng Project | 1 Diskusage-ng | 2024-11-21 | 9.8 Critical |
| diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument. | ||||
| CVE-2020-7630 | 1 Git-add-remote Project | 1 Git-add-remote | 2024-11-21 | 9.8 Critical |
| git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument. | ||||
| CVE-2020-7629 | 1 Install-package Project | 1 Install-package | 2024-11-21 | 9.8 Critical |
| install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | ||||