Lucene search
K

702 matches found

Positive Technologies
Positive Technologies
added 2022/10/02 12:0 a.m.2 views

PT-2022-34677 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 2.6.39 through 5.4.212 Description: The issue is related to a potential security problem in the Linux Kernel, where it is assumed that a certain packet skb remains available after being added to a queue for a child...

7.3AI score
Exploits0References1
OSV
OSV
added 2022/08/29 8:6 p.m.7 views

GHSA-G2C3-VWFF-M3XR Font-Converter Vulnerable to Arbitrary Command Injection

Overview font-converter is a FontForge wrapper that allows conversion between different font formats TTF, WOFF, OTF All versions of this package are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function. PoC js va...

9.8CVSS5.9AI score0.02991EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/08/29 8:6 p.m.17 views

Font-Converter Vulnerable to Arbitrary Command Injection

Overview font-converter is a FontForge wrapper that allows conversion between different font formats TTF, WOFF, OTF All versions of this package are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function. PoC js va...

9.8CVSS9.7AI score0.02991EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/08/29 5:15 a.m.4 views

CVE-2022-21165

All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function...

9.8CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added 2022/08/29 5:0 a.m.27 views

CVE-2022-21165 Arbitrary Command Injection

All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function...

9.8CVSS10AI score0.02991EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/08/29 5:0 a.m.5 views

CVE-2022-21165

All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function...

9.8CVSS7.3AI score0.02991EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/08/29 12:0 a.m.3 views

node-js-font-converter 安全漏洞

node-js-font-converter is a FontForge wrapper for zgec individual developers. It allows conversion between different font formats TTF, WOFF, OTF. A security vulnerability exists in all versions of the node-js-font-converter package, which stems from a lack of sanitization of input that may be...

9.8CVSS7.1AI score0.02991EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/08/19 3:55 a.m.4 views

Malicious code in uplex-child-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e8368b463b71f466eecd3d878bec93228d62f8ea08c428859cd8ba850d292543 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/08/19 3:55 a.m.3 views

Malicious code in duplex-child-rocess (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b3ec325a6dc92f083b06d506e89526c20430b1740c4af5e7d3df470e48c455f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/08/19 3:55 a.m.3 views

Malicious code in duplex-child-orocess (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d80c9a50168c6e1e994ec5162bc0269e152ff4c19a7341943ecde6cd1574a2ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/08/19 3:55 a.m.5 views

MAL-2022-2614 Malicious code in duplex-child-orocess (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d80c9a50168c6e1e994ec5162bc0269e152ff4c19a7341943ecde6cd1574a2ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2022/08/19 3:55 a.m.5 views

MAL-2022-6813 Malicious code in uplex-child-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e8368b463b71f466eecd3d878bec93228d62f8ea08c428859cd8ba850d292543 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2022/08/19 3:55 a.m.7 views

MAL-2022-2615 Malicious code in duplex-child-rocess (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b3ec325a6dc92f083b06d506e89526c20430b1740c4af5e7d3df470e48c455f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Snyk
Snyk
added 2022/08/07 1:33 p.m.1 views

Arbitrary Command Injection

Overview font-converter is a FontForge wrapper that allows conversion between different font formats TTF, WOFF, OTF Affected versions of this package are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function. PoC ...

9.8CVSS7.2AI score0.02991EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/07/28 12:0 a.m.5 views

NodePDF 命令注入漏洞

NodePDF is a PDF rendering tool based on Node.js. A security vulnerability exists in NodePDF version 1.3.0, which stems from the fact that during PDF rendering, input passed to the Pdf function is escaped by the shell and passed to childprocess.exec. However, shell escaping does not correctly...

9.8CVSS8.3AI score0.01444EPSS
Exploits1References3
OSV
OSV
added 2022/07/14 12:0 a.m.4 views

GHSA-WF5X-CR3R-XR77 vm2 before 3.6.11 vulnerable to sandbox escape

This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code runnin...

8.3CVSS6.1AI score0.00974EPSS
Exploits1References7
Cvelist
Cvelist
added 2022/07/13 8:20 a.m.23 views

CVE-2019-10761 Sandbox Bypass

This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code runnin...

8.3CVSS8.5AI score0.00974EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/07/13 12:0 a.m.18 views

vm2 安全漏洞

vm2 is an advanced virtual machine/sandbox for Node.js by individual developer Patrik Simek in the Czech Republic. to run untrusted code using whitelisted Node built-in modules. A security vulnerability exists in vm2 prior to 3.6.11, which stems from reaching the stack call limit via infinite...

8.3CVSS8.1AI score0.00974EPSS
Exploits1References4
OSV
OSV
added 2022/05/24 5:21 p.m.3 views

GHSA-8J9V-QHP4-WV55 Node-Traceroute RCE Vulnerability

The traceroute aka node-traceroute package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character...

9.8CVSS5.9AI score0.04286EPSS
Exploits2References9
RedHat Linux
RedHat Linux
added 2022/05/18 1:29 a.m.4 views

Mozilla: Speech Synthesis feature not properly disabled

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this issue of the parent process not properly checking whether the Speech Synthesis feature is enabled when receiving instructions from a child process...

6.5CVSS7.3AI score0.00428EPSS
Exploits0References4
Rows per page
Query Builder