564 matches found
CVE-2022-29256
sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKGCONFIGPATH...
CVE-2022-29256
CVE-2022-29256 affects sharp (Node.js image processing) versions prior to 0.30.5. If an attacker can control PKG_CONFIG_PATH in the build environment, they may inject arbitrary commands at npm install time (not a runtime issue; Windows builds are not affected). The issue is fixed in sharp v0.30.5...
CVE-2022-29256 Possible vulnerability at 'npm install' time in sharp if an attacker has control over build environment
sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKGCONFIGPATH...
sharp 操作系统命令注入漏洞
sharp is a program by the individual developers at lovell for converting large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF and AVIF images of different sizes. An operating system command injection vulnerability exists in versions prior to sharp 0.30.5. An attacker can...
PT-2022-19504 · Npm · Sharp
Name of the Vulnerable Software and Affected Versions: sharp versions prior to 0.30.5 Description: The issue is related to a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set th...
Russian APT Hackers Used COVID-19 Lures to Target European Diplomats
The Russia-linked threat actor known as APT29 targeted European diplomatic missions and Ministries of Foreign Affairs as part of a series of spear-phishing campaigns mounted in October and November 2021. According to ESET's T3 2021 Threat Report shared with The Hacker News, the intrusions paved t...
sharpimagesalonspa.ca Cross Site Scripting vulnerability OBB-2345740
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Microsoft Windows Explorer Preview Pane Security Bypass Vulnerability
Previewing a WMA/WMV media format on Windows Explorer through its Preview Pane causes embedded URLs to be automatically opened in the default browser without displaying any prompt. Exploit Title: Windows Explorer Preview Pane WMV/WMA media Automatic URI Opening Vulnerability Exploit Author: Eduar...
Exploit for CVE-2021-1675
C and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527...
Multiple vulnerabilities in Sharp NEC Display Solutions' public displays
Overview Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain multiple vulnerabilities listed below. Command Injection CWE-77 - CVE-2021-20698 Buffer Overflow CWE-120 - CVE-2021-20699 Howard McGreehan of Aon's Cyber Solutions reported these vulnerabilities to Sharp NEC...
JVN#42866574: Multiple vulnerabilities in Sharp NEC Display Solutions' public displays
Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain multiple vulnerabilities listed below. Command Injection CWE-77 - CVE-2021-20698 Version| Vector| Score ---|---|--- CVSS v2| AV:N/AC:L/Au:N/C:C/I:C/A:C| Base Score:10.0 CVSS v3|...
See Ya Sharp: A Loaders Tale | McAfee Blogs
ARCHIVED STORY See Ya Sharp: A Loader’s Tale Max Kersten · Aug 04, 2021 Introduction The DotNet based CyaX-Sharp loader, also known as ReZer0, is known to spread commodity malware, such as AgentTesla. In recent years, this loader has been referenced numerous times, as it was used in campaigns...
JustArchiNET ArchiSteamFarm 输入验证错误漏洞
ArchiSteamFarm is a C application whose main purpose is to idle Steam cards from multiple accounts simultaneously. An input validation error vulnerability exists in JustArchiNET ArchiSteamFarm. No information about this vulnerability is available at this time, so stay tuned to CNNVD or vendor...
Unauthorized Access Vulnerability in MX-4070V of Sharp Trading (China) Co.
MX-4070V is a printer product of Sharp Trading China Co. An unauthorized access vulnerability exists in the Sharp Trading China Co. MX-4070V, which can be exploited by attackers to obtain sensitive information...
Weak Password Vulnerability in MX-M316N of Sharp Trading (China) Co.
Sharp Trading China Co., Ltd. is a foreign enterprise that distributes and wholesales household appliances, LCD TVs, air conditioners, cell phones, printers and other products. A weak password vulnerability exists in Sharp Trading China Co. MX-M316N, which can be exploited by attackers to obtain...
Unauthorized Access Vulnerability in MX-M316N at Sharp Trading (China) Co.
The MX-M316N is a printer from Sharp Trading China Co. An unauthorized access vulnerability exists in the Sharp Trading China Co. MX-M316N, which can be exploited by attackers to obtain sensitive information...
Unauthorized Access Vulnerability in Various Products of Sharp Trading (China) Co.
DX-2008UC and others are printer products of Sharp Trading China Co. An unauthorized access vulnerability exists in a number of Sharp Trading China Ltd. products, which can be exploited by attackers to obtain sensitive information...
Unauthorized Access Vulnerability in MX-M565N of Sharp Trading (China) Co.
The MX-M565N is a digital composite printer from Sharp Trading China Co. An unauthorized access vulnerability exists in the Sharp Trading China Ltd MX-M565N, which can be exploited by attackers to obtain sensitive information...
Unauthorized Access Vulnerability in MX-M362N at Sharp Trading (China) Co.
The MX-M362N is a digital composite printer from Sharp Trading China Co. An unauthorized access vulnerability exists in the Sharp Trading China Ltd MX-M362N, which can be exploited by attackers to obtain sensitive information...
Unauthorized Access Vulnerability in MX-2310F at Sharp Trading (China) Co.
The MX-2310F is a printer from Sharp Trading China Co. An unauthorized access vulnerability exists in the Sharp Trading China Co. MX-2310F, which can be exploited by attackers to obtain sensitive information...