Total: 1755 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-28437 | 1 Heroku-env Project | 1 Heroku-env | 2022-08-08 | N/A | 9.8 CRITICAL |
This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js. | |||||
CVE-2020-28453 | 1 Npos-tesseract Project | 1 Npos-tesseract | 2022-08-08 | N/A | 9.8 CRITICAL |
This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js. | |||||
CVE-2020-28433 | 1 Node-latex-pdf Project | 1 Node-latex-pdf | 2022-08-08 | N/A | 9.8 CRITICAL |
This affects all versions of package node-latex-pdf. | |||||
CVE-2020-28425 | 1 Curljs Project | 1 Curljs | 2022-08-08 | N/A | 9.8 CRITICAL |
This affects all versions of package curljs. | |||||
CVE-2022-2323 | 1 Sonicwall | 14 Sws12-10fpoe, Sws12-10fpoe Firmware, Sws12-8 and 11 more | 2022-08-08 | N/A | 8.8 HIGH |
Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions. | |||||
CVE-2020-28451 | 1 Image-tiler Project | 1 Image-tiler | 2022-08-06 | N/A | 9.8 CRITICAL |
This affects the package image-tiler before 2.0.2. | |||||
CVE-2020-7034 | 1 Avaya | 1 Session Border Controller For Enterprise | 2022-08-05 | 9.0 HIGH | 8.8 HIGH |
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x and 8.0 through 8.1.1.x. | |||||
CVE-2020-28423 | 1 Monorepo-build Project | 1 Monorepo-build | 2022-08-05 | N/A | 9.8 CRITICAL |
This affects all versions of package monorepo-build. | |||||
CVE-2020-7795 | 1 Get-npm-package-version Project | 1 Get-npm-package-version | 2022-08-05 | N/A | 9.8 CRITICAL |
The package get-npm-package-version before 1.0.7 is vulnerable to Command Injection via the main function in index.js. | |||||
CVE-2022-29558 | 1 Realtek | 1 Rtl819x Software Development Kit | 2022-08-04 | N/A | 8.8 HIGH |
Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface. | |||||
CVE-2016-4991 | 1 Nodepdf Project | 1 Nodepdf | 2022-08-04 | N/A | 9.8 CRITICAL |
Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3.0. | |||||
CVE-2020-28422 | 1 Git-archive Project | 1 Git-archive | 2022-08-01 | N/A | 7.8 HIGH |
All versions of package git-archive are vulnerable to Command Injection via the exports function. | |||||
CVE-2020-28447 | 1 Xopen Project | 1 Xopen | 2022-08-01 | N/A | 9.8 CRITICAL |
This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath). | |||||
CVE-2020-28443 | 1 Sonar-wrapper Project | 1 Sonar-wrapper | 2022-08-01 | N/A | 9.8 CRITICAL |
This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js. | |||||
CVE-2020-28438 | 1 Deferred-exec Project | 1 Deferred-exec | 2022-08-01 | N/A | 9.8 CRITICAL |
This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js. | |||||
CVE-2020-28436 | 1 Google-cloudstorage-commands Project | 1 Google-cloudstorage-commands | 2022-07-31 | N/A | 9.8 CRITICAL |
This affects all versions of package google-cloudstorage-commands. | |||||
CVE-2020-28435 | 1 Ffmpeg-sdk Project | 1 Ffmpeg-sdk | 2022-07-31 | N/A | 9.8 CRITICAL |
This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js. | |||||
CVE-2020-27227 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2022-07-29 | 10.0 HIGH | 9.8 CRITICAL |
An exploitable unauthenticated command injection exists in OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing a specific parameter to trigger this vulnerability, potentially allowing exfiltration of the database and user credentials and compromise of the underlying operating system. | |||||
CVE-2020-28446 | 1 Ntesseract Project | 1 Ntesseract | 2022-07-28 | N/A | 9.8 CRITICAL |
The package ntesseract before 0.2.9 is vulnerable to Command Injection via lib/tesseract.js. | |||||
CVE-2021-42538 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2022-07-25 | 6.5 MEDIUM | 8.8 HIGH |
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input. |