700 matches found

Microsoft CVE
added 2024/11/01 7:0 a.m. | 5 views

PHP-FPM logs from children may be altered

...

CVSS 3.3 | AI score 6.9 | EPSS 0.00482
Exploits: 1

CVE
added 2024/10/08 5:0 a.m. | 88 views

CVE-2024-21532

The CVE-2024-21532 issue affects the npm package ggit. Affected versions allow Command Injection via fetchTags(branch): user input specifies the branch, which is concatenated into a git command that is passed to Node.js child_process.exec(), enabling potentially arbitrary commands. Root cause is ...

CVSS 7.3 | AI score 7.4 | EPSS 0.01247
Exploits: 0 | References: 3

Vulnrichment
added 2024/10/08 5:0 a.m. | 15 views

CVE-2024-21532

All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...

CVSS 7.3 | AI score 7.4 | EPSS 0.01247
Exploits: 0 | References: 2

Cvelist
added 2024/10/08 5:0 a.m. | 21 views

CVE-2024-21532

All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...

CVSS 7.3 | EPSS 0.01247
Exploits: 0 | References: 2

Cvelist
added 2024/09/16 12:0 a.m. | 20 views

CVE-2024-44623

An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the childprocess.js function...

EPSS 0.0116
Exploits: 1 | References: 3

CNNVD
added 2024/09/16 12:0 a.m. | 3 views

SPX Graphics Controller Security Vulnerability

SPX Graphics Controller is a graphics controller by individual developer Tuomo Kulomaa, used to manage and control HTML graphics in real-time productions. A security vulnerability exists in SPX Graphics Controller version v.1.3.0 and earlier versions. A remote attacker can exploit this vulnerability to...

CVSS 9.8 | AI score 7.6 | EPSS 0.0116
Exploits: 1 | References: 4

GithubExploit
added 2024/09/13 5:11 p.m. | 114 views

Exploit for Code Injection in Spx Spx_Graphics_Controller

CVE-2024-44623 In SPX-GC...

CVSS 9.8 | AI score 10 | EPSS 0.0116
Exploits: 1

OSV
added 2024/09/07 4:15 p.m. | 1 views

UBUNTU-CVE-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...

CVSS 8.1 | AI score 7.8 | EPSS 0.01098
Exploits: 0 | References: 2

Cvelist
added 2024/09/07 4:0 p.m. | 30 views

CVE-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...

CVSS 8.1 | EPSS 0.01098
Exploits: 0 | References: 1

CVE
added 2024/09/07 4:0 p.m. | 1606 views

CVE-2024-36138

CVE-2024-36138 is a chain-vulnerability tied to Node.js: it bypasses the incomplete fix for CVE-2024-27980, exploiting improper handling of batch files on Windows via child_process.spawn/spawnSync. This can allow a malicious command line argument to inject commands and achieve code execution even...

CVSS 8.1 | AI score 7.8 | EPSS 0.01098
Exploits: 0 | References: 2

Debian CVE
added 2024/09/07 4:0 p.m. | 123 views

CVE-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...

CVSS 8.1 | AI score 8.5 | EPSS 0.01098
Exploits: 0

AlpineLinux
added 2024/09/07 4:0 p.m. | 39 views

CVE-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...

CVSS 8.1 | AI score 7.5 | EPSS 0.01098
Exploits: 0

OSV
added 2024/07/16 7:33 a.m. | 24 views

SUSE-SU-2024:2496-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: Update to 18.20.4: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of network import restriction via data URL bsc1227554 Changes in 18.20.3: - This release fixes a regression introduced in Node.js...

CVSS 8.1 | AI score 7.5 | EPSS 0.01387
Exploits: 0 | References: 7

SUSE CVE
added 2024/07/10 3:28 a.m. | 3 views

SUSE CVE-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...

CVSS 8.1 | AI score 8.9 | EPSS 0.01098
Exploits: 0 | References: 8

Snyk
added 2024/07/09 9:39 a.m. | 3 views

Improper Control of Generation of Code ('Code Injection')

Overview Affected versions of this package are vulnerable to Improper Control of Generation of Code 'Code Injection'. This is due to a bypass of CVE-2024-27980. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled. Note...

CVSS 8.1 | AI score 8.1 | EPSS 0.01098
Exploits: 0 | References: 2

SUSE CVE
added 2024/04/12 2:11 a.m. | 3 views

SUSE CVE-2024-27980

Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled...

CVSS 8.1 | AI score 8.9 | EPSS 0.01387
Exploits: 0 | References: 8

Snyk
added 2024/04/09 12:0 a.m. | 2 views

Improper Control of Generation of Code ('Code Injection')

Overview: Affected versions of this package are vulnerable to Improper Control of Generation of Code 'Code Injection' due to the improper handling of batch files in child_process.spawn or child_process.spawnSync. An attacker can inject arbitrary commands and achieve code execution even if the shell...

CVSS 8.1 | AI score 8 | EPSS 0.01387
Exploits: 0 | References: 2

0day.today
added 2024/03/18 12:0 a.m. | 422 views

vm2 - Sandbox Escape Exploit

/ Exploit Title: vm2 Sandbox Escape vulnerability Exploit Author: Calil Khalil & Adriel Mc Roberts Vendor Homepage: https://github.com/patriksimek/vm2 Software Link: https://github.com/patriksimek/vm2 Version: vm2 = 3.9.19 Tested on: Ubuntu 22.04 CVE : CVE-2023-37466 / const VM = require"vm2";...

CVSS 10 | AI score 9.5 | EPSS 0.02342
Exploits: 4

Github Security Blog
added 2024/03/06 5:4 p.m. | 24 views

Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass

Summary: Use of raw file descriptors in `op_node_ipc_pipe()` leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Details: Node child_process IPC relies on the JS side to pass the raw IPC file descript...

CVSS 8.8 | AI score 7.9 | EPSS 0.02276
Exploits: 1 | References: 12 | Affected Software: 1

OSV
added 2024/01/30 6:30 a.m. | 10 views

GHSA-VVH2-82C7-PPFG network Arbitrary Command Injection vulnerability

Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If attacker-controlled user input is given to the mac_address_for function of the package, it is possible for an attacker to execute...

CVSS 7.3 | AI score 10 | EPSS 0.03235
Exploits: 1 | References: 7