702 matches found
PT-2022-34677 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 2.6.39 through 5.4.212 Description: The issue is related to a potential security problem in the Linux Kernel, where it is assumed that a certain packet skb remains available after being added to a queue for a child...
GHSA-G2C3-VWFF-M3XR Font-Converter Vulnerable to Arbitrary Command Injection
Overview font-converter is a FontForge wrapper that allows conversion between different font formats TTF, WOFF, OTF All versions of this package are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function. PoC js va...
Font-Converter Vulnerable to Arbitrary Command Injection
Overview font-converter is a FontForge wrapper that allows conversion between different font formats TTF, WOFF, OTF All versions of this package are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function. PoC js va...
CVE-2022-21165
All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function...
CVE-2022-21165 Arbitrary Command Injection
All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function...
CVE-2022-21165
All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function...
node-js-font-converter 安全漏洞
node-js-font-converter is a FontForge wrapper for zgec individual developers. It allows conversion between different font formats TTF, WOFF, OTF. A security vulnerability exists in all versions of the node-js-font-converter package, which stems from a lack of sanitization of input that may be...
Malicious code in uplex-child-process (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e8368b463b71f466eecd3d878bec93228d62f8ea08c428859cd8ba850d292543 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in duplex-child-rocess (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b3ec325a6dc92f083b06d506e89526c20430b1740c4af5e7d3df470e48c455f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in duplex-child-orocess (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d80c9a50168c6e1e994ec5162bc0269e152ff4c19a7341943ecde6cd1574a2ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2614 Malicious code in duplex-child-orocess (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d80c9a50168c6e1e994ec5162bc0269e152ff4c19a7341943ecde6cd1574a2ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6813 Malicious code in uplex-child-process (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e8368b463b71f466eecd3d878bec93228d62f8ea08c428859cd8ba850d292543 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2615 Malicious code in duplex-child-rocess (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b3ec325a6dc92f083b06d506e89526c20430b1740c4af5e7d3df470e48c455f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Arbitrary Command Injection
Overview font-converter is a FontForge wrapper that allows conversion between different font formats TTF, WOFF, OTF Affected versions of this package are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function. PoC ...
NodePDF 命令注入漏洞
NodePDF is a PDF rendering tool based on Node.js. A security vulnerability exists in NodePDF version 1.3.0, which stems from the fact that during PDF rendering, input passed to the Pdf function is escaped by the shell and passed to childprocess.exec. However, shell escaping does not correctly...
GHSA-WF5X-CR3R-XR77 vm2 before 3.6.11 vulnerable to sandbox escape
This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code runnin...
CVE-2019-10761 Sandbox Bypass
This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code runnin...
vm2 安全漏洞
vm2 is an advanced virtual machine/sandbox for Node.js by individual developer Patrik Simek in the Czech Republic. to run untrusted code using whitelisted Node built-in modules. A security vulnerability exists in vm2 prior to 3.6.11, which stems from reaching the stack call limit via infinite...
GHSA-8J9V-QHP4-WV55 Node-Traceroute RCE Vulnerability
The traceroute aka node-traceroute package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character...
Mozilla: Speech Synthesis feature not properly disabled
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this issue of the parent process not properly checking whether the Speech Synthesis feature is enabled when receiving instructions from a child process...