| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 198041 | 9.8 | CRITICAL | Network | gulp-tape_project | gulp-tape | gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options. | CWE-78 OS Command | CVE-2020-7605 | 2024-11-21 14:37 | 2020-03-16 |
| 198042 | 9.8 | CRITICAL | Network | pulverizr_project | pulverizr | pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct… | CWE-78 OS Command | CVE-2020-7604 | 2024-11-21 14:37 | 2020-03-16 |
| 198043 | 9.8 | CRITICAL | Network | closure-compiler-stream_project | closure-compiler-stream | closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization. | CWE-78 OS Command | CVE-2020-7603 | 2024-11-21 14:37 | 2020-03-16 |
| 198044 | 9.8 | CRITICAL | Network | node-prompt-here_project | node-prompt-here | node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand()" is called by "getDevices()" function in file "linux/manager.js", which is required by the "index. process.env… | CWE-78 OS Command | CVE-2020-7602 | 2024-11-21 14:37 | 2020-03-16 |
| 198045 | 9.8 | CRITICAL | Network | gulp-scss-lint_project | gulp-scss-lint | gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options. | CWE-78 OS Command | CVE-2020-7601 | 2024-11-21 14:37 | 2020-03-16 |
| 198046 | 5.3 | MEDIUM | Network | querymen_project | querymen | querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused… | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2020-7600 | 2024-11-21 14:37 | 2020-03-13 |
| 198047 | 5.6 | MEDIUM | Network | substack opensuse | minimist leap | minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2020-7598 | 2024-11-21 14:37 | 2020-03-12 |
| 198048 | 6.1 | MEDIUM | Network | siemens | spectrum_power_5 | A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a … | CWE-79 Cross-site Scripting | CVE-2020-7579 | 2024-11-21 14:37 | 2020-03-11 |
| 198049 | 7.5 | HIGH | Network | jetbrains | scala | In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections. | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2020-7907 | 2024-11-21 14:37 | 2020-02-22 |
| 198050 | 9.8 | CRITICAL | Network | synacor | zimbra_collaboration_suite | Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2020-7796 | 2024-11-21 14:37 | 2020-02-19 |