Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26274 PUBLISHED: 2020-12-16
In systeminformation (npm package) before version 4.31.1, there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitization fix.
CVE-2020-35133 PUBLISHED: 2020-12-16
IrfanView 4.56 contains an error when parsing files of type .pcx, which leads to an out-of-bounds write at i_view32+0xdb60.
CVE-2020-7781 PUBLISHED: 2020-12-16
This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability:
CVE-2019-14479 PUBLISHED: 2020-12-16
AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch web client, a read-only administrator can execute arbitrary code on the server running the NetCrunch server software.
CVE-2019-14481 PUBLISHED: 2020-12-16
AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch web client. Successful exploitation requires a logged-in user to open a malicious page and leads to account takeover.