Lucene search
K

700 matches found

Positive Technologies
Positive Technologies
added 2023/05/28 12:0 a.m.4 views

PT-2023-23501 · Yank Note · Yank Note

Name of the Vulnerable Software and Affected Versions: Yank Note YN version 3.52.1 Description: The issue allows for the execution of arbitrary code when a crafted file is opened. This can be achieved, for example, via nodeRequire'child process'. Recommendations: For Yank Note YN version 3.52.1,...

8.8CVSS7.6AI score0.04898EPSS
Exploits3References3
Github Security Blog
Github Security Blog
added 2023/04/24 6:30 p.m.29 views

Remote code execution in dawnsparks-node-tesseract

dawnsparks-node-tesseract before 0.4.1 was discovered to contain a remote code execution RCE vulnerability via the childprocess function...

9.8CVSS7.6AI score0.02159EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/24 12:0 a.m.7 views

PT-2023-21374 · Unknown · Rails-Routes-To-Json

Name of the Vulnerable Software and Affected Versions: rails-routes-to-json version 1.0.0 Description: The issue is related to a remote code execution RCE vulnerability via the child process function. Recommendations: For rails-routes-to-json version 1.0.0, consider disabling the child process...

9.8CVSS9.7AI score0.01782EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/04/24 12:0 a.m.4 views

CVE-2023-29566

huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution RCE vulnerability via the childprocess function...

9.9AI score0.02159EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/04/24 12:0 a.m.16 views

CVE-2023-29566

huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution RCE vulnerability via the childprocess function...

10AI score0.02159EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/04/24 12:0 a.m.5 views

PT-2023-21373 · Unknown · Broccoli-Compass

Name of the Vulnerable Software and Affected Versions: broccoli-compass version 0.2.4 Description: The issue is related to a remote code execution RCE vulnerability. It is exploited via the child process function. Recommendations: For broccoli-compass version 0.2.4, consider restricting the use o...

9.8CVSS9.6AI score0.01859EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/04/24 12:0 a.m.6 views

npm rails-routes-to-json 命令注入漏洞

npm rails-routes-to-json is a library from the US-based npm. A security vulnerability exists in npm rails-routes-to-json v1.0.0, which stems from the discovery of a remote code execution RCE vulnerability contained via the childprocess function...

9.8CVSS9.2AI score0.01782EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/04/24 12:0 a.m.4 views

PT-2023-22308 · Unknown · Huedawn-Tesseract +1

Name of the Vulnerable Software and Affected Versions: huedawn-tesseract version 0.3.3 dawnsparks-node-tesseract versions 0.4.0 through 0.4.1 Description: The issue is related to a remote code execution RCE vulnerability via the child process function. Recommendations: For huesdawn-tesseract...

9.8CVSS8.2AI score0.02159EPSS
Exploits1References9
Packet Storm
Packet Storm
added 2023/04/20 12:0 a.m.346 views

FUXA 1.1.13-1186 Remote Code Execution

Exploit Title: FUXA V.1.1.13-1186- Unauthenticated Remote Code Execution RCE Date: 18/04/2023 Exploit Author: Rodolfo Mariano Vendor Homepage: https://github.com/frangoteam/FUXA Version: FUXA V.1.1.13-1186 current from argparse import RawTextHelpFormatter import argparse, sys, threading, requests...

6.8AI score
Exploits0
OSV
OSV
added 2023/03/10 4:15 p.m.3 views

CVE-2021-33360

An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, childprocess, and/or filePath parameters...

9.8CVSS6AI score0.01127EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/03/10 12:0 a.m.3 views

PT-2023-12208 · Unknown · Stoqey Gnuplot

Name of the Vulnerable Software and Affected Versions: Stoqey gnuplot versions 0.0.3 and earlier Description: An issue in Stoqey gnuplot allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child process, and/or filePath parameters. Recommendations: For Stoqey gnuplot...

9.8CVSS9.6AI score0.01127EPSS
Exploits1References7
F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.151 views

K91025336: Linux kernel vulnerability CVE-2019-13272

Security Advisory Description In the Linux kernel before 5.1.17, ptracelink in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child...

7.8CVSS6.2AI score0.52199EPSS
Exploits21
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.4 views

SUSE CVE-2012-0028

The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process...

7.2CVSS6.7AI score0.00499EPSS
Exploits3References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:46 a.m.4 views

SUSE CVE-2012-2979

FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process SIGSEGV and cause a denial of service in the NSD server...

7.5CVSS6.8AI score0.01736EPSS
Exploits0References3
Snyk
Snyk
added 2023/02/02 1:40 p.m.2 views

Arbitrary Code Execution

Overview swig-templates is an A simple, powerful, and extendable templating engine for node.js and browsers, similar to Django, Jinja2, and Twig. Affected versions of this package are vulnerable to Arbitrary Code Execution via the renderFile method. Note: The following conditions are required to...

9.8CVSS7.2AI score0.01028EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2023/01/18 12:0 a.m.31 views

CVE-2023-23597

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefo...

6.5CVSS6.9AI score0.0034EPSS
Exploits0References3
Mozilla
Mozilla
added 2023/01/17 12:0 a.m.111 views

Security Vulnerabilities fixed in Firefox 109 — Mozilla

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. Due to the Firefox GTK wrapper...

6.5CVSS0.3AI score0.00641EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2022/10/02 1:43 p.m.9 views

GSD-2022-1006420 sch_sfb: Don't assume the skb is still around after enqueueing to child

schsfb: Don't assume the skb is still around after enqueueing to child This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.213 by commit...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/10/02 12:0 a.m.1 views

PT-2022-34677 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 2.6.39 through 5.4.212 Description: The issue is related to a potential security problem in the Linux Kernel, where it is assumed that a certain packet skb remains available after being added to a queue for a child...

7.3AI score
Exploits0References1
OSV
OSV
added 2022/08/29 8:6 p.m.6 views

GHSA-G2C3-VWFF-M3XR Font-Converter Vulnerable to Arbitrary Command Injection

Overview font-converter is a FontForge wrapper that allows conversion between different font formats TTF, WOFF, OTF All versions of this package are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function. PoC js va...

9.8CVSS5.9AI score0.02991EPSS
Exploits1References4
Rows per page
Query Builder