Code injection

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...

runc: incorrect handling of inheritable capabilities

A flaw was found in runc, where runc exec --cap executed processes with non-empty inheritable Linux process capabilities. This issue creates an atypical Linux environment and enables programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2...

Malicious Package

Overview after-exec is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

CVE-2022-30580 Empty Cmd.Path can trigger unintended binary in os/exec on Windows

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...

CVE-2022-30580

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...

CVE-2022-35766 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

...

CVE-2022-2585

It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free...

Arbitrary Command Injection

Overview font-converter is a FontForge wrapper that allows conversion between different font formats TTF, WOFF, OTF Affected versions of this package are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function. PoC ...

Insecure Signature Verification

github.com/sigstore/cosign is vulnerable to insecure signature verification. The vulnerability exists in the Exec function in verifyattestation.go because the library does not properly validate the signature which allows an attacker to gain access to system data and execute malicious code...

Command Injection

gitblame is vulnerable to command injection. The vulnerability exists because the module.export function of gitblame.js does not properly sanitize the file parameter inside the exec functionality, allowing an attacker to inject and execute malicious code...

mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exectimetracker::getloops/Filesorttracker::reportuse/filesort...

Veritas Backup Exec Remote Agent Detection Consolidation

Consolidation of Veritas Backup Exec Remote Agent detections. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc";...

GO-2022-0532 Empty Cmd.Path can trigger unintended binary in os/exec on Windows

On Windows, executing Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset will unintentionally trigger execution of any binaries in the working directory named either "..com" or "..exe"...

Command Injection

deferred-exec is vulnerable to command injection. The vulnerability exists in deferredChildProcess function in deferred-exec.js because the command execution is not properly validated which allows an attacker to inject and execute malicious commands...

Injection Vulnerability

go has injection vulnerability. The vulnerability exists due to a lack of sanitization in Cmd.Start in os/exec allowing execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...

bear (=0.1.0), proud-badge (>=0.0.1 <=0.0.5) +1 more potentially affected by CVE-2020-28438 via deferred-exec (=0.3.1)

deferred-exec NPM version =0.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on deferred-exec and may be impacted: - bear =0.1.0 - proud-badge =0.0.1, =0.0.1, =0.0.4 Source cves: CVE-2020-28438 Source advisory: OSV:GHSA-54W4-2F2P-F48H...

deferred-exec Command Injection vulnerability

A command injection vulnerability affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js...

GHSA-54W4-2F2P-F48H deferred-exec Command Injection vulnerability

A command injection vulnerability affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js...

Code injection

This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js...

CVE-2020-28438 Command Injection

This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js...