gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument ‘options’ of the exports function in ‘index.js’ can be controlled by users without any sanitization. Date published : 2020-03-15 https://snyk.io/vuln/SNYK-JS-GULPSTYLEDOCCO-560126
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within ‘index.js’ of the package, the function ‘exec(serviceName, cmd, fnStdout, fnStderr, fnExit)’ uses the variable ‘serviceName’ which can be controlled by users without any sanitization. Date...
gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of ‘gulp-tape’ options. Date published : 2020-03-15 https://snyk.io/vuln/SNYK-JS-GULPTAPE-560124
pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without...
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization. Date published : 2020-03-15 https://snyk.io/vuln/SNYK-JS-CLOSURECOMPILERSTREAM-560123
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand()" is called by "getDevices()" function in file "linux/manager.js", which is required by the "index. process.env.NM_CLI" in the file "linux/manager.js". This function is used to...
gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options. Date published : 2020-03-15 https://snyk.io/vuln/SNYK-JS-GULPSCSSLINT-560114
Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware...
Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on...
TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware...
Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware...
TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute...
Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via...
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism...