A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software...
A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit...
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to...
git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument. Date published : 2020-04-02 https://github.com/jonschlinkert/git-add-remote/blob/master/index.js#L21, https://snyk.io/vuln/SNYK-JS-GITADDREMOTE-564269
install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. Date published : 2020-04-02 https://github.com/1000ch/install-package/blob/master/index.js#L82, https://snyk.io/vuln/SNYK-JS-INSTALLPACKAGE-564267
umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization. Date published : 2020-04-02 https://snyk.io/vuln/SNYK-JS-UMOUNT-564265
node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the ‘arrParams’ argument in the ‘execute()’ function. Date published : 2020-04-02 https://github.com/garimpeiro-it/node-key-sender/blob/master/key-sender.js#L117, https://snyk.io/vuln/SNYK-JS-NODEKEYSENDER-564261
karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument. Date published : 2020-04-02 https://github.com/amireh/karma-mojo/blob/master/index.js#L100, https://snyk.io/vuln/SNYK-JS-KARMAMOJO-564260
op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function. Date published : 2020-04-02 https://github.com/hiproxy/open-browser/blob/master/lib/index.js#L75, https://snyk.io/vuln/SNYK-JS-OPBROWSER-564259
effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument. Date published : 2020-04-02 https://github.com/Javascipt/effect/blob/master/helper.js#L24, https://snyk.io/vuln/SNYK-JS-EFFECT-564256
jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument. Date published : 2020-04-02 https://github.com/node-modules/jscover/blob/master/lib/jscover.js#L59, https://snyk.io/vuln/SNYK-JS-JSCOVER-564250
strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the ‘_nginxCmd()’ function. Date published : 2020-04-02 https://github.com/strongloop/strong-nginx-controller/blob/master/lib/server.js#L65, https://snyk.io/vuln/SNYK-JS-STRONGNGINXCONTROLLER-564248
pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of ‘pomelo-monitor’ params. Date published : 2020-04-02 https://github.com/halfblood369/monitor/blob/900b5cadf59edcccac4754e5706a22719925ddb9/lib/processMonitor.js, https://snyk.io/vuln/SNYK-JS-POMELOMONITOR-173695
get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data. Date published : 2020-04-02 https://github.com/chardos/get-git-data/blob/master/index.js#L7, https://snyk.io/vuln/SNYK-JS-GETGITDATA-564222