Lucene search
K

189 matches found

vulnersOsv
vulnersOsv
added 2020/11/27 4:7 p.m.5 views

@azteam/monitor (>=1.0.1 <=1.0.9), @bb-cli/e2e-bb-test (>=2.8.3-5 <=2.8.4) +217 more potentially affected by CVE-2020-26245 via systeminformation (>=3.30.6 <=4.30.11)

systeminformation NPM version =3.30.6, =1.0.1, =2.8.3-5, =1.0.7, =1.0.0, =1.0.148 and more Source cves: CVE-2020-26245 Source advisory: OSV:GHSA-4V2W-H9JM-MQJG...

9.8CVSS7.2AI score0.01925EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2020/11/27 4:7 p.m.51 views

Prototype Pollution in systeminformation

Impact command injection vulnerability by prototype pollution Patches Problem was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. Please upgrade to version = 4.30.2 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are...

9.8CVSS3.2AI score0.01925EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2020/11/27 4:7 p.m.14 views

GHSA-4V2W-H9JM-MQJG Prototype Pollution in systeminformation

Impact command injection vulnerability by prototype pollution Patches Problem was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. Please upgrade to version = 4.30.2 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are...

8.1CVSS9.5AI score0.01925EPSS
Exploits0References3
CNNVD
CNNVD
added 2020/11/27 12:0 a.m.6 views

Systeminformation Operating System Command Injection Vulnerability

systeminformation is an Npm software library that can obtain operating system information. An operating system command injection vulnerability exists in versions prior to npm package systeminformation 4.30.5, which stems from the fact that npm package systeminformation is susceptible to prototype...

9.8CVSS7.3AI score0.01925EPSS
Exploits0References3
NVD
NVD
added 2020/11/26 11:15 a.m.19 views

CVE-2020-7778

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands...

7.5CVSS7.1AI score0.02393EPSS
Exploits1References5
OSV
OSV
added 2020/11/26 11:15 a.m.4 views

DEBIAN-CVE-2020-7778

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands...

7.3CVSS7.1AI score0.02393EPSS
Exploits1References1
OSV
OSV
added 2020/11/26 11:15 a.m.16 views

CVE-2020-7778

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands...

7.3CVSS6.7AI score
Exploits0References5
CVE
CVE
added 2020/11/26 10:40 a.m.64 views

CVE-2020-7778

CVE-2020-7778 affects systeminformation prior to 4.30.2. It is a prototype pollution vulnerability where an attacker can overwrite object properties (e.g., proto ) to cause code execution, potentially enabling OS commands. Affected versions: systeminformation

7.5CVSS7.2AI score0.02393EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2020/11/26 10:40 a.m.21 views

CVE-2020-7778 Prototype Pollution

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands...

7.3CVSS7.1AI score0.02393EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2020/11/26 10:40 a.m.9 views

CVE-2020-7778

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands...

7.5CVSS5.8AI score0.02393EPSS
Exploits1
CNNVD
CNNVD
added 2020/11/26 12:0 a.m.7 views

Systeminformation Operating System Command Injection Vulnerability

systeminformation is an Npm software library for individual developers individual developers to obtain operating system information. A security vulnerability exists in systeminformation version 4.30.2, which can be exploited by an attacker to override properties and functions of an object, leadin...

7.5CVSS7.2AI score0.02393EPSS
Exploits1References8
vulnersOsv
vulnersOsv
added 2020/11/23 4:29 p.m.6 views

@azteam/monitor (>=1.0.1 <=1.0.9), @best/builder (=4.0.0-beta10) +24 more potentially affected by CVE-2020-26245 +1 more via systeminformation (>=4.0.10 <=4.30.11)

systeminformation NPM version =4.0.10, =1.0.1, =0.0.3, =1.1.0, =1.2.3 - @hnordt/sysinfo =0.1.1 and more Source cves: CVE-2020-26245, CVE-2020-7778 Source advisory: SNYK:JS-SYSTEMINFORMATION-1043753...

9.8CVSS7.1AI score0.02393EPSS
Exploits1
Snyk
Snyk
added 2020/11/23 4:29 p.m.6 views

Prototype Pollution

Overview systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Prototype Pollution. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands. Note: The fix for this vulnerability is...

9.8CVSS8.8AI score0.02393EPSS
Exploits1References2
Veracode
Veracode
added 2020/10/28 4:3 a.m.21 views

OS Command Injection

systeminformation is vulnerable to OS command injection. The inetChecksite, services, inetChecksite, inetLatency, networkStats, services and processLoad functions allow an attacker to inject and execute arbitrary OS commands due to insufficient sanitization...

8.8CVSS4.8AI score0.02712EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2020/10/27 8:40 p.m.6 views

@azteam/monitor (>=1.0.1 <=1.0.9), @bb-cli/e2e-bb-test (>=2.8.3-5 <=2.8.4) +205 more potentially affected by CVE-2020-26300 via systeminformation (>=3.30.6 <=4.26.12)

systeminformation NPM version =3.30.6, =1.0.1, =2.8.3-5, =1.0.7, =1.0.0, =0.0.3, =1.0.0, =1.1.0, =5.0.0, =1.0.0, =1.0.0-beta.7, =0.1.0, =0.1.0, =0.5.0-unstable-20220415132826 and more Source cves: CVE-2020-26300 Source advisory: OSV:GHSA-FJ59-F6C3-3VW4...

9.8CVSS7.2AI score0.01407EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/10/27 8:30 p.m.5 views

@azteam/monitor (>=1.0.1 <=1.0.9), @bb-cli/e2e-bb-test (>=2.8.3-5 <=2.8.4) +206 more potentially affected by CVE-2020-7752 via systeminformation (>=3.30.6 <=4.26.9)

systeminformation NPM version =3.30.6, =1.0.1, =2.8.3-5, =1.0.7, =1.0.0, =0.0.3, =1.0.0, =1.1.0, =5.0.0, =1.0.0, =1.0.0-beta.7, =0.1.0, =0.4.0-unstable-20200922091941 and more Source cves: CVE-2020-7752 Source advisory: OSV:GHSA-94XH-2FMC-XF5J...

8.8CVSS7.2AI score0.05708EPSS
Exploits1
OSV
OSV
added 2020/10/27 8:30 p.m.16 views

GHSA-94XH-2FMC-XF5J systeminformation command injection vulnerability

Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.27.11 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite References Are there any links use...

8.8CVSS8.8AI score0.05708EPSS
Exploits1References7
Veracode
Veracode
added 2020/10/27 4:55 a.m.15 views

OS Command Injection

systeminformation is vulnerable to OS command injection. The inetChecksite function allows an attacker to inject and execute arbitrary OS commands via curl parameters...

8.8CVSS9.2AI score0.05708EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2020/10/27 12:0 a.m.2 views

Systeminformation Command Injection Vulnerability

systeminformation is an Npm repository of operating system information for individual developers. A command injection vulnerability exists in systeminformation versions prior to 4.27.11, which allows an attacker to concatenate curl arguments to overwrite a Javascript file and then execute all OS...

8.8CVSS7.5AI score0.05708EPSS
Exploits1References1
NVD
NVD
added 2020/10/26 5:15 p.m.18 views

CVE-2020-7752

This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands...

8.8CVSS0.05708EPSS
Exploits1References3
Rows per page
Query Builder