Total
2810 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7695 | 1 Encode | 1 Uvicorn | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers. | |||||
| CVE-2020-7694 | 1 Encode | 1 Uvicorn | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
| This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request crafted URLs with percent-encoded escape sequences, the logging component will log the URL after it's been processed with urllib.parse.unquote, therefore converting any percent-encoded characters into their single-character equivalent, which can have special meaning in terminal emulators. By requesting URLs with crafted paths, attackers can: * Pollute uvicorn's access logs, therefore jeopardising the integrity of such files. * Use ANSI sequence codes to attempt to interact with the terminal emulator that's displaying the logs (either in real time or from a file). | |||||
| CVE-2020-7636 | 1 Adb-driver Project | 1 Adb-driver | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| adb-driver through 0.1.8 is vulnerable to Command Injection.It allows execution of arbitrary commands via the command function. | |||||
| CVE-2020-7635 | 1 Compass-compile Project | 1 Compass-compile | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument. | |||||
| CVE-2020-7634 | 1 Heroku-addonpool Project | 1 Heroku-addonpool | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| heroku-addonpool through 0.1.15 is vulnerable to Command Injection. | |||||
| CVE-2020-7633 | 1 Apiconnect-cli-plugins Project | 1 Apiconnect-cli-plugins | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument. | |||||
| CVE-2020-7632 | 1 Node-mpv Project | 1 Node-mpv | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | |||||
| CVE-2020-7631 | 1 Diskusage-ng Project | 1 Diskusage-ng | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument. | |||||
| CVE-2020-7630 | 1 Git-add-remote Project | 1 Git-add-remote | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument. | |||||
| CVE-2020-7629 | 1 Install-package Project | 1 Install-package | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | |||||
| CVE-2020-7627 | 1 Node-key-sender Project | 1 Node-key-sender | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute()' function. | |||||
| CVE-2020-7626 | 1 Karma-mojo Project | 1 Karma-mojo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument. | |||||
| CVE-2020-7625 | 1 Op-browser Project | 1 Op-browser | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function. | |||||
| CVE-2020-7624 | 1 Effect Project | 1 Effect | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument. | |||||
| CVE-2020-7623 | 1 Jscover Project | 1 Jscover | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument. | |||||
| CVE-2020-7621 | 1 Ibm | 1 Strongloop Nginx Controller | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function. | |||||
| CVE-2020-7620 | 1 Netease | 1 Pomelo-monitor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params. | |||||
| CVE-2020-7619 | 1 Get-git-data Project | 1 Get-git-data | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data. | |||||
| CVE-2020-7613 | 1 Clamscan Project | 1 Clamscan | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| clamscan through 1.2.0 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the `_is_clamav_binary` function located within `Index.js`. It should be noted that this vulnerability requires a pre-requisite that a folder should be created with the same command that will be chained to execute. This lowers the risk of this issue. | |||||
| CVE-2020-7609 | 1 Node-rules Project | 1 Node-rules | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization. | |||||