{"vulnerability": "CVE-2019-1080", "sightings": [{"uuid": "0ce65f59-7933-4e15-ae63-639bc762d854", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-10800", "type": "seen", "source": "https://t.me/cibsecurity/46156", "content": "\u203c CVE-2019-10800 \u203c\n\nThis affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-13T16:26:22.000000Z"}, {"uuid": "06a1b01e-829e-40cf-9a37-53ab09627337", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-10805", "type": "seen", "source": "https://t.me/cibsecurity/10186", "content": "ATTENTION\u203c New - CVE-2019-10805\n\nvalib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function (hasOwnProperty) from the unsafe user-input to examine an object. It is possible for a crafted payload to overwrite this function to manipulate the inspection results to bypass security checks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-02-29T00:33:03.000000Z"}, {"uuid": "74f2a58f-e977-43be-9c10-fdfee9d317b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-10804", "type": "seen", "source": "https://t.me/cibsecurity/10187", "content": "ATTENTION\u203c New - CVE-2019-10804\n\nserial-number through 1.3.0 allows execution of arbitrary commands. The \"cmdPrefix\" argument in serialNumber function is used by the \"exec\" function without any validation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-02-29T00:33:03.000000Z"}, {"uuid": "f324eec8-10f9-4eee-b076-761004b66d34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-10803", "type": "seen", "source": "https://t.me/cibsecurity/10188", "content": "ATTENTION\u203c New - CVE-2019-10803\n\npush-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the variable \"opt.branch\" are not validated before being provided to the \"git\" command within \"index.js#L139\". This could be abused by an attacker to inject arbitrary commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-02-29T00:33:04.000000Z"}, {"uuid": "638142fd-2cfa-4b7a-ab6a-002bdd8242bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-10802", "type": "seen", "source": "https://t.me/cibsecurity/10189", "content": "ATTENTION\u203c New - CVE-2019-10802\n\ngiting version prior to 0.0.8 allows execution of arbitrary commands. The first argument \"repo\" of function \"pull()\" is executed by the package without any validation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-02-29T00:33:05.000000Z"}, {"uuid": "1135d892-3a66-4604-98b4-36ac09040c17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-10801", "type": "seen", "source": "https://t.me/cibsecurity/10190", "content": "ATTENTION\u203c New - CVE-2019-10801\n\nenpeem through 2.2.0 allows execution of arbitrary commands. The \"options.dir\" argument is provided to the \"exec\" function without any sanitization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-02-29T00:33:06.000000Z"}]}