700 matches found
PT-2023-23501 · Yank Note · Yank Note
Name of the Vulnerable Software and Affected Versions: Yank Note (YN) version 3.52.1 Description: The issue allows for the execution of arbitrary code when a crafted file is opened. This can be achieved, for example, via nodeRequire('child_process'). Recommendations: For Yank Note (YN) version 3.52.1,...
Remote code execution in dawnsparks-node-tesseract
dawnsparks-node-tesseract before 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function...
PT-2023-21374 · Unknown · Rails-Routes-To-Json
Name of the Vulnerable Software and Affected Versions: rails-routes-to-json version 1.0.0 Description: The issue is related to a remote code execution (RCE) vulnerability via the child process function. Recommendations: For rails-routes-to-json version 1.0.0, consider disabling the child process...
CVE-2023-29566
huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 were discovered to contain a remote code execution (RCE) vulnerability via the child_process function...
PT-2023-21373 · Unknown · Broccoli-Compass
Name of the Vulnerable Software and Affected Versions: broccoli-compass version 0.2.4 Description: The issue is related to a remote code execution (RCE) vulnerability. It is exploited via the child process function. Recommendations: For broccoli-compass version 0.2.4, consider restricting the use o...
npm rails-routes-to-json Command Injection Vulnerability
npm rails-routes-to-json is a library from the US-based npm. A security vulnerability exists in npm rails-routes-to-json v1.0.0: a remote code execution (RCE) vulnerability via the child_process function...
PT-2023-22308 · Unknown · Huedawn-Tesseract +1
Name of the Vulnerable Software and Affected Versions: huedawn-tesseract version 0.3.3, dawnsparks-node-tesseract versions 0.4.0 through 0.4.1 Description: The issue is related to a remote code execution (RCE) vulnerability via the child process function. Recommendations: For huedawn-tesseract...
FUXA 1.1.13-1186 Remote Code Execution
Exploit Title: FUXA V.1.1.13-1186- Unauthenticated Remote Code Execution RCE Date: 18/04/2023 Exploit Author: Rodolfo Mariano Vendor Homepage: https://github.com/frangoteam/FUXA Version: FUXA V.1.1.13-1186 current from argparse import RawTextHelpFormatter import argparse, sys, threading, requests...
CVE-2021-33360
An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameters...
PT-2023-12208 · Unknown · Stoqey Gnuplot
Name of the Vulnerable Software and Affected Versions: Stoqey gnuplot versions 0.0.3 and earlier Description: An issue in Stoqey gnuplot allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child process, and/or filePath parameters. Recommendations: For Stoqey gnuplot...
K91025336: Linux kernel vulnerability CVE-2019-13272
Security Advisory Description: In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child...
SUSE CVE-2012-0028
The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process...
SUSE CVE-2012-2979
FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server...
Arbitrary Code Execution
Overview: swig-templates is a simple, powerful, and extendable templating engine for node.js and browsers, similar to Django, Jinja2, and Twig. Affected versions of this package are vulnerable to Arbitrary Code Execution via the renderFile method. Note: The following conditions are required to...
CVE-2023-23597
A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefo...
Security Vulnerabilities fixed in Firefox 109 — Mozilla
A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. Due to the Firefox GTK wrapper...
GSD-2022-1006420 sch_sfb: Don't assume the skb is still around after enqueueing to child
sch_sfb: Don't assume the skb is still around after enqueueing to child. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.213 by commit...
PT-2022-34677 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 2.6.39 through 5.4.212 Description: The issue is related to a potential security problem in the Linux Kernel, where it is assumed that a certain packet (skb) remains available after being added to a queue for a child...
GHSA-G2C3-VWFF-M3XR Font-Converter Vulnerable to Arbitrary Command Injection
Overview: font-converter is a FontForge wrapper that allows conversion between different font formats (TTF, WOFF, OTF). All versions of this package are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec function. PoC js va...