CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29 matches found

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-0446

Malware in sbrugna...

9.8CVSS9.2AI score0.0262EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2017-0287

Malware in sbrugna...

10CVSS9AI score0.02922EPSS

Exploits0References7

RedhatCVE•added 2025/02/05 2:11 p.m.•7 views

CVE-2020-11079

node-dns-sync npm module dns-sync through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1...

9.8CVSS7.9AI score0.0262EPSS

Exploits0References1

IBM Security Bulletins•added 2024/10/25 3:24 p.m.•12 views

Security Bulletin: IBM Datapower Operations Dashboard could allow remote attacker to execute arbitrary commands on the system CVE-2017-16100

Summary dns-sync is used by the IBM Datapower Operations Dashboard implementation of networking operations Vulnerability Details CVEID:CVE-2017-16100 DESCRIPTION: Node.js dns-sync module could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation o...

10CVSS7.5AI score0.05132EPSS

Exploits1Affected Software1

OSV•added 2020/08/27 10:26 p.m.•1 views

GHSA-C6H2-MPC6-232H Command Injection in dns-sync

Withdrawn: Duplicate of GHSA-jcw8-r9xm-32c6...

7.2AI score

Exploits0References3

Github Security Blog•added 2020/08/27 10:26 p.m.•11 views

Command Injection in dns-sync

Withdrawn: Duplicate of GHSA-jcw8-r9xm-32c6...

1.7AI score

Exploits0References4Affected Software1

Veracode•added 2020/05/29 2:44 a.m.•17 views

OS Command Injection

dns-sync is vulnerable to OS command injection. A remote attacker is able to inject and execute arbitrary OS command via a malicious URL...

9.8CVSS5.9AI score0.0262EPSS

Exploits0References4Affected Software1

CNVD•added 2020/05/29 12:0 a.m.•1 views

node-dns-sync code injection vulnerability

node-dns-sync is a package that synchronizes/blocks DNS resolution from the American developers of Skoranga Software. A code injection vulnerability exists in node-dns-sync version 0.2.0 and earlier. A remote attacker can exploit this vulnerability to execute code...

9.8CVSS7.8AI score0.0262EPSS

Exploits0References1

Prion•added 2020/05/28 7:15 p.m.•19 views

Design/Logic Flaw

7.5CVSS9.8AI score0.0262EPSS

Exploits0References2Affected Software1

vulnersOsv•added 2020/05/28 6:42 p.m.•1 views

@blitzbank/dashboard (>=0.0.1 <=0.0.2), @bloombox/js-client (=1.1.4) +22 more potentially affected by CVE-2020-11079 via dns-sync (=0.1.3)

dns-sync NPM version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on dns-sync and may be impacted: - @blitzbank/dashboard =0.0.1, =0.1.0, =1.0.2, =1.0.1, =1.0.1, =2.2.37, =0.0.1, =0.2.24, =0.0.1, =1.0.0, =2.0.3 and more Source cves: CVE-2020-110...

9.8CVSS7.2AI score0.0262EPSS

Exploits0

Github Security Blog•added 2020/05/28 6:42 p.m.•96 views

Command injection in node-dns-sync

dns-sync through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input...

9.8CVSS4.4AI score0.0262EPSS

Exploits0References4Affected Software1

CVE•added 2020/05/28 6:40 p.m.•115 views

CVE-2020-11079

Summary : CVE-2020-11079 affects the npm package node-dns-sync (dns-sync) up to version 0.2.0. The vulnerability allows execution of arbitrary commands via a vulnerable method when driven by untrusted input, potentially leading to remote code execution. A fix is available in version 0.2.1. Affect...

9.8CVSS9.6AI score0.0262EPSS

Exploits0References2Affected Software1

Cvelist•added 2020/05/28 6:40 p.m.•29 views

CVE-2020-11079 command injection fix in node-dns-sync

8.6CVSS9.9AI score0.0262EPSS

Exploits0References2

Veracode•added 2019/07/10 4:47 a.m.•18 views

Command Injection

dns-sync is vulnerable to command injection. Lack of input validation allows an attacker to submit input into resolve method, whcih would allow arbitrary command injection on the system...

9.8CVSS9.8AI score0.05132EPSS

Exploits1References3Affected Software1

OSV•added 2018/07/26 4:24 p.m.•0 views

GHSA-WXVM-FH75-MPGR Critical severity vulnerability that affects dns-sync

Withdrawn, accidental duplicate publish. The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function...

10CVSS7.5AI score0.02922EPSS

Exploits0References2

Github Security Blog•added 2018/07/26 4:24 p.m.•15 views

Critical severity vulnerability that affects dns-sync

10CVSS7.2AI score0.02922EPSS

Exploits0References2Affected Software1

Github Security Blog•added 2018/07/18 6:28 p.m.•40 views

Command Injection in dns-sync

Affected versions of dns-sync have an arbitrary command execution vulnerability in the resolve method. Recommendation - Use an alternative dns resolver - Do not allow untrusted input into dns-sync.resolve...

10CVSS6.8AI score0.05132EPSS

Exploits1References9Affected Software1

OSV•added 2018/07/18 6:28 p.m.•12 views

GHSA-JCW8-R9XM-32C6 Command Injection in dns-sync

10CVSS7.5AI score0.05132EPSS

Exploits1References9

CNVD•added 2018/06/29 12:0 a.m.•2 views

dns-sync Command Injection Vulnerability

dns-sync is a library used in Node.js that allows to resolve hostnames in a synchronized way. A security vulnerability exists in dns-sync. An attacker can exploit this vulnerability to inject commands with untrusted user input...

10CVSS9.3AI score0.05132EPSS

Exploits1References1