Security Vulnerabilities - CVEs Published In April 2020
effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.
CVSS Score
9.8
EPSS Score
0.012
Published
2020-04-02
op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function.
CVSS Score
9.8
EPSS Score
0.012
Published
2020-04-02
karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument.
CVSS Score
9.8
EPSS Score
0.012
Published
2020-04-02
node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute()' function.
CVSS Score
9.8
EPSS Score
0.012
Published
2020-04-02
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.
CVSS Score
4.4
EPSS Score
0.001
Published
2020-04-02
get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data.
CVSS Score
9.8
EPSS Score
0.021
Published
2020-04-02
pomelo-monitor through 0.3.7 is vulnerable to Command Injection. It allows injection of arbitrary commands as part of 'pomelo-monitor' params.
CVSS Score
9.8
EPSS Score
0.021
Published
2020-04-02
strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary commands as part of the '_nginxCmd()' function.
CVSS Score
9.8
EPSS Score
0.017
Published
2020-04-02
jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the source argument.
CVSS Score
9.8
EPSS Score
0.016
Published
2020-04-02
There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT). Affected product versions include: SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10.
CVSS Score
8.0
EPSS Score
0.002
Published
2020-04-02

