286 matches found
CVE-2026-50289 systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux
systeminformation is a System and OS information library for node.js. Prior to 5.31.7, networkInterfaces on Linux is vulnerable to OS command injection through the Debian/Ubuntu interfaces5 source directive because lib/network.js checkLinuxDCHPInterfaces reads /etc/network/interfaces, extracts a...
CVE-2026-50289
CVE-2026-50289 affects the Node.js library systeminformation prior to v5.31.7. The Linux implementation of networkInterfaces() builds a shell command using an interpolated, unquoted path from /etc/network/interfaces via checkLinuxDCHPInterfaces(), then executes it with a shell, creating a command...
GHSA-5XPP-75JX-M839 systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux
Summary On Linux, systeminformation's networkInterfaces is vulnerable to OS command injection through the Debian/Ubuntu interfaces5 source directive. While collecting per-interface DHCP state, the library reads /etc/network/interfaces and, for every source line it encounters, extracts the path...
systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux
Summary On Linux, systeminformation's networkInterfaces is vulnerable to OS command injection through the Debian/Ubuntu interfaces5 source directive. While collecting per-interface DHCP state, the library reads /etc/network/interfaces and, for every source line it encounters, extracts the path...
CVE-2026-9716
CVE-2026-9716 describes a CWE-476 NULL Pointer Dereference that could cause a denial-of-service, rendering a device’s HMI and configuration functionality unavailable when malformed requests hit exposed network interfaces. The root cause is a NULL pointer dereference; impact is high availability l...
CVE-2026-9716
CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...
EUVD-2026-39433
CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...
Malicious code in oh-my-ashclaw (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector daf0a5a6234cbf55718057017cbe143ab41ad1aaf7964ebfaab6dfe12703b005 On npm install, the package's postinstall hook .prepare.cjs executes and harvests installer-side data: hostname, username, OS/arch, Node version, all...
SUSE CVE-2026-44724
systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...
CVE-2026-44724
A flaw was found in systeminformation, a Node.js library. This vulnerability allows a local attacker on Linux to inject arbitrary commands. This occurs when an active NetworkManager connection profile name contains shell metacharacters, which are not properly sanitized before being used in shell...
Oracle Flow Manufacturing 安全漏洞
Oracle Flow Manufacturing is a production and manufacturing process management system developed by Oracle, a company in the United States. Versions 12.2.9 to 12.2.15 of Oracle Flow Manufacturing contain security vulnerabilities. These vulnerabilities stem from issues with the Security component,...
CVE-2026-44724
systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...
CVE-2026-44724 systeminformation: Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name
systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...
CVE-2026-44724
systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...
CVE-2026-44724
CVE-2026-44724 affects the node.js library systeminformation (Linux) from versions 4.17.0 through 5.31.5. The issue is a command-injection flaw in networkInterfaces() caused by unsanitized NetworkManager connection profile names being interpolated into shell commands executed via execSync(), afte...
CVE-2026-44724 systeminformation: Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name
systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...
systeminformation 操作系统命令注入漏洞
SystemInformation is a NPM software library developed by Sebastian Hildebrandt, which allows access to operating system information. Versions of SystemInformation from 4.17.0 to 5.31.5 contain a vulnerability related to operating system command injection. This vulnerability arises on Linux when t...
MAL-2026-4635 Malicious code in payment-account-input-selector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12187e6fb4ae4d3a411cea0c3ec8b995e1091a9cf78219db9fbcdac87540aabf On npm install, preinstall.js collects hostname, username, platform, cwd, timestamp, and a full dump of os.networkInterfaces and HTTP-GETs them as...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: NFS: Fixed a use-after-free in nfs4initclient. KASAN reported a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server. Olga was able to exploit this issue with...
Command Injection
Overview systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection in the networkInterfaces function when handling NetworkManager connection profile names obtained from nmcli device status output. An attacker can execute...