Total: 5641 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-23399 | 1 Wincred Project | 1 Wincred | 2024-11-21 | 7.3 High |
| This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | ||||
| CVE-2021-23381 | 1 Killing Project | 1 Killing | 2024-11-21 | 7.3 High |
| This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | ||||
| CVE-2021-23380 | 1 Roar-pidusage Project | 1 Roar-pidusage | 2024-11-21 | 5.6 Medium |
| This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | ||||
| CVE-2021-23379 | 1 Portkiller Project | 1 Portkiller | 2024-11-21 | 7.3 High |
| This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | ||||
| CVE-2021-23378 | 1 Picotts Project | 1 Picotts | 2024-11-21 | 9.8 Critical |
| This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | ||||
| CVE-2021-23377 | 1 Onion-oled-js Project | 1 Onion-oled-js | 2024-11-21 | 9.8 Critical |
| This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | ||||
| CVE-2021-23376 | 1 Ffmpegdotjs Project | 1 Ffmpegdotjs | 2024-11-21 | 9.8 Critical |
| This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | ||||
| CVE-2021-23375 | 1 Psnode Project | 1 Psnode | 2024-11-21 | 7.3 High |
| This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | ||||
| CVE-2021-23374 | 1 Ps-visitor Project | 1 Ps-visitor | 2024-11-21 | 7.3 High |
| This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | ||||
| CVE-2021-23363 | 1 Kill-by-port Project | 1 Kill-by-port | 2024-11-21 | 6.3 Medium |
| This affects the package kill-by-port before 0.0.2. If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | ||||
| CVE-2021-23360 | 1 Killport Project | 1 Killport | 2024-11-21 | 7.5 High |
| This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success. | ||||
| CVE-2021-23359 | 1 Port-killer Project | 1 Port-killer | 2024-11-21 | 7.5 High |
| This affects all versions of package port-killer. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success. | ||||
| CVE-2021-23356 | 1 Kill-process-by-name Project | 1 Kill-process-by-name | 2024-11-21 | 5.6 Medium |
| This affects all versions of package kill-process-by-name. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. | ||||
| CVE-2021-23355 | 1 Ps-kill Project | 1 Ps-kill | 2024-11-21 | 5.6 Medium |
| This affects all versions of package ps-kill. If (attacker-controlled) user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. PoC (provided by reporter): `var ps_kill = require('ps-kill'); ps_kill.kill('$(touch success)',function(){});` | ||||
| CVE-2021-23348 | 1 Portprocesses Project | 1 Portprocesses | 2024-11-21 | 6.3 Medium |
| This affects the package portprocesses before 1.0.5. If (attacker-controlled) user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | ||||
| CVE-2021-23337 | 5 Lodash, Netapp, Oracle and 2 more | 29 Lodash, Active Iq Unified Manager, Cloud Manager and 26 more | 2024-11-21 | 7.2 High |
| Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. | ||||
| CVE-2021-23330 | 1 Bitovi | 1 Launchpad | 2024-11-21 | 9.8 Critical |
| All versions of package launchpad are vulnerable to Command Injection via stop. | ||||
| CVE-2021-23326 | 1 The-guild | 1 Graphql-tools | 2024-11-21 | 6.3 Medium |
| This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection. | ||||
| CVE-2021-23198 | 1 Myscada | 1 Mypro | 2024-11-21 | 10 Critical |
| mySCADA myPRO: Versions 8.20.0 and prior have a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | ||||
| CVE-2021-23154 | 1 Mirantis | 1 Lens | 2024-11-21 | 6.3 Medium |
| In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system. | ||||