| CVE | Vendors | Products | Updated | CVSS v3.1 |
| This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js |
| This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js. |
| This affects all versions of package google-cloudstorage-commands. |
| This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js. |
| This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js. |
| This affects all versions of package node-latex-pdf. |
| All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){}) |
| All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId. |
| This affects all versions of package curljs. |
| This affects all versions of package s3-kilatstorage. |
| This affects all versions of package monorepo-build. |
| All versions of package git-archive are vulnerable to Command Injection via the exports function. |
| CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges. |
| During installation with certain driver software or application packages an arbitrary code execution could occur. |
| HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution. |
| A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via a crafted URL (different vector than CVE-2020-28414). |
| A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via a crafted URL (different vector than CVE-2020-28415). |
| In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP. |
| The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. occur. |
| The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard. |