There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file...
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passwordless ftp ssh user. By using an exploit chain, an attacker with access to the network can get root access on...
STMicroelectronics STM32F1 devices have Incorrect Access Control. Date published : 2020-04-06 https://blog.zapb.de/stm32f1-exceptional-failure/
eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function ‘set’ could be tricked into adding or modifying properties of ‘Object.prototype’ using a ‘__proto__’ payload. Date published : 2020-04-06 https://github.com/eivindfjeldstad/dot/commit/774e4b0c97ca35d2ae40df2cd14428d37dd07a0b https://snyk.io/vuln/SNYK-JS-EIVIFJDOT-564435
confinit through 0.3.0 is vulnerable to Prototype Pollution.The ‘setDeepProperty’ function could be tricked into adding or modifying properties of ‘Object.prototype’ using a ‘__proto__’ payload. Date published : 2020-04-06 https://github.com/davideicardi/confinit/commit/a34e06ca5c1c8b047ef112ef188b2fe30d2a1eab https://snyk.io/vuln/SNYK-JS-CONFINIT-564433
class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. Date published : 2020-04-06 https://github.com/typestack/class-transformer/commit/8f04eb9db02de708f1a20f6f2d2bb309b2fed01e https://snyk.io/vuln/SNYK-JS-CLASSTRANSFORMER-564431
adb-driver through 0.1.8 is vulnerable to Command Injection.It allows execution of arbitrary commands via the command function. Date published : 2020-04-06 https://snyk.io/vuln/SNYK-JS-ADBDRIVER-564430 https://www.npmjs.com/package/adb-driver
compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument. Date published : 2020-04-06 https://github.com/quaertym/compass-compile/blob/master/lib/compass.js#L25 https://snyk.io/vuln/SNYK-JS-COMPASSCOMPILE-564429
heroku-addonpool through 0.1.15 is vulnerable to Command Injection. Date published : 2020-04-06 https://github.com/nodef/heroku-addonpool/blob/master/index.js https://snyk.io/vuln/SNYK-JS-HEROKUADDONPOOL-564428
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument. Date published : 2020-04-06 https://openbase.io/js/apiconnect-cli-plugins https://snyk.io/vuln/SNYK-JS-APICONNECTCLIPLUGINS-564427
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. Date published : 2020-04-06 https://github.com/j-holub/Node-MPV/blob/master/lib/util.js#L34 https://snyk.io/vuln/SNYK-JS-NODEMPV-564426
diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument. Date published : 2020-04-06 https://github.com/iximiuz/node-diskusage-ng/blob/master/lib/posix.js#L11 https://snyk.io/vuln/SNYK-JS-DISKUSAGENG-564425
This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn’t being abused for HTTP Response Splitting....
Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the...