Security Bulletin: IBM Maximo Application Suite - Monitor Component uses systeminformation-5.28.5.tgz, systeminformation-5.28.6.tgz, systeminformation-5.28.7.tgz which is vulnerable to CVE-2026-26280, CVE-2026-26318.

Summary IBM Maximo Application Suite - Monitor Component uses systeminformation-5.28.5.tgz, systeminformation-5.28.6.tgz, systeminformation-5.28.7.tgz which is vulnerable to CVE-2026-26280, CVE-2026-26318. This bulletin contains information addressing the vulnerability. Vulnerability Details...

systeminformation 操作系统命令注入漏洞

systeminformation is an Npm repository for obtaining operating system information by Sebastian Hildebrandt, an individual developer. An OS command injection vulnerability exists in systeminformation versions prior to 5.27.14, which stems from an OS command injection vulnerability in the fsSize...

EUVD-2020-1423

Malware in sbrugna...

CVE-2021-21315

The System Information Library for Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. ...

CVE-2020-26274

In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...

CVE-2020-26300

systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix...

DEBIAN-CVE-2021-21315

The System Information Library for Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. ...

CVE-2021-21315

The System Information Library for Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. ...

DEBIAN-CVE-2020-26274

In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...

CVE-2020-26274

In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...

DEBIAN-CVE-2020-26245

npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...

Command injection

npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...

CVE-2020-26245

npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...

Systeminformation Operating System Command Injection Vulnerability

systeminformation is an Npm software library that can obtain operating system information. An operating system command injection vulnerability exists in versions prior to npm package systeminformation 4.30.5, which stems from the fact that npm package systeminformation is susceptible to prototype...

CVE-2020-7778

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands...

Prototype Pollution

Overview systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Prototype Pollution. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands. Note: The fix for this vulnerability is...

CVE-2020-7752

This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands...