4310 matches found

vulnersOsv
added 2022/05/24 5:4 p.m., 2 views

@angular-devkit/build-angular (>=0.8.8 <=0.900.0-rc.8), @apployees-nx/node (>=0.0.1 <=0.0.21) +188 more potentially affected by CVE-2019-15598 via tree-kill (>=0.0.6 <=1.2.1)

tree-kill NPM version =0.0.6, =0.8.8, =0.0.1, =0.0.1-alpha.1, =1.2.2, =6.0.0, =0.0.1, =0.0.1, =2.0.0-beta.22, =2.0.0-beta.1, =1.0.0, =0.0.1, =0.2.0, =7.0.2 and more Source cves: CVE-2019-15598 Source advisory: OSV:GHSA-J7FQ-P9Q7-5WFV...

CVSS: 9.8, AI score: 7.2, EPSS: 0.02742
Exploits: 0
OSV
added 2022/05/24 5:4 p.m., 1 view

GHSA-J7FQ-P9Q7-5WFV Treekill Enables OS Command Injection

A Code Injection exists in treekill and tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command. Steps To Reproduce: Create the following PoC file: js var kill = require'treekill'; kill'3333332 & echo "HACKED" HACKED.txt & '; Execut...

CVSS: 9.8, AI score: 6.5, EPSS: 0.02742
Exploits: 0, References: 9
OSV
added 2022/05/24 5:4 p.m., 0 views

GHSA-MXQ6-VRRR-PPMG Duplicate Advisory: tree-kill vulnerable to remote code execution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-884p-74jh-xrg2. This link is maintained to preserve external references. Original Description A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to contr...

CVSS: 9.8, AI score: 7.6, EPSS: 0.02742
Exploits: 0, References: 5
Rockylinux
added 2022/05/17 7:48 a.m., 5 views

new packages: tree-pkg

An update is available for tree-pkg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.0...

AI score: 2
Exploits: 0
OSV
added 2022/05/14 1:9 a.m., 23 views

GHSA-8987-93FH-RCWQ phpMyAdmin Cross-site Scripting (XSS) vulnerability

In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name...

CVSS: 6.1, AI score: 6, EPSS: 0.02596
Exploits: 0, References: 6
Github Security Blog
added 2022/05/14 1:9 a.m., 25 views

phpMyAdmin Cross-site Scripting (XSS) vulnerability

In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name...

CVSS: 6.1, AI score: 5.8, EPSS: 0.02596
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2022/05/12 12:1 a.m., 8 views

OSV-2022-409 Heap-buffer-overflow in std::__1::__tree_node_base<void*>*& std::__1::__tree<std::__1::__value_type<std:

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47391 Crash type: Heap-buffer-overflow READ 1 Crash state: std::1::treenodebase& std::1::treestd::1::valuetypestd: std::1::pairstd::1::treeiteratorstd::1::valuetypestd::1::basic...

AI score: 7.2
Exploits: 0, References: 1
ATTACKERKB
added 2022/05/09 11:39 a.m., 3 views

CVE-2022-23165

Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. For an attacker to exploit this Cross-Site Scripting vulnerability, it's necessary for the affected produc...

CVSS: 6.1, AI score: 6.4, EPSS: 0.0036
Exploits: 0, References: 2
Code423n4
added 2022/05/08 12:0 a.m., 7 views

steal user funds with front-running when he calls depositTokens() of MerkleVesting and MerkleResistor with wrong treeIndex (uninitiated)

Lines of code Vulnerability details Impact The nature of this bug is similar in MerkleVesting and MerkleResistor and MerkleDropFactory, so I only write MerkleDropFactory version: If a user calls depositTokens with wrong treeIndex value by mistake, attacker can perform front-running attack and...

AI score: 6.7
Exploits: 0
OSV
added 2022/05/01 11:36 p.m., 2 views

GHSA-V965-WWRQ-GXFG Alkacon OpenCMS XSS via file tree navigation in system/workplace/views/explorer/tree_files.jsp

Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter...

CVSS: 5.3, AI score: 6, EPSS: 0.01465
Exploits: 1, References: 4
Github Security Blog
added 2022/05/01 11:36 p.m., 5 views

Alkacon OpenCMS XSS via file tree navigation in system/workplace/views/explorer/tree_files.jsp

Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter...

CVSS: 4.3, AI score: 5.4, EPSS: 0.01465
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2022/04/24 9:18 p.m., 7 views

GSD-2022-1001509 net: dsa: fix panic on shutdown if multi-chip tree failed to probe

net: dsa: fix panic on shutdown if multi-chip tree failed to probe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...

AI score: 7.2
Exploits: 0
OSV
added 2022/04/24 8:52 p.m., 7 views

GSD-2022-1001190 net: dsa: fix panic on shutdown if multi-chip tree failed to probe

net: dsa: fix panic on shutdown if multi-chip tree failed to probe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...

AI score: 7.2
Exploits: 0
ATTACKERKB
added 2022/04/14 1:15 p.m., 2 views

CVE-2022-26507

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828,...

CVSS: 9.8, AI score: 7.5, EPSS: 0.02545
Exploits: 9, References: 3
OSV
added 2022/04/14 1:15 p.m., 3 views

CVE-2022-26507

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828,...

CVSS: 9.8, AI score: 6.3
Exploits: 0, References: 2
Microsoft CVE
added 2022/03/31 7:0 a.m., 2 views

A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem.

...

CVSS: 5.5, AI score: 7.2, EPSS: 0.004
Exploits: 1
BDU FSTEC
added 2022/03/28 12:0 a.m., 5 views

The vulnerability in the fs/quota/quota_tree.c component of Linux operating systems allows a hacker to trigger a service failure.

The vulnerability of the fs/quota/quota_tree.c component in Linux operating systems is related to the use of memory after it is freed during the checking of the block number in the fs/quota/quota_tree.c file. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS: 9.3, AI score: 6.5, EPSS: 0.01339
Exploits: 1, References: 18, Affected Software: 3
Microsoft CVE
added 2022/03/24 7:0 a.m., 3 views

In the Linux kernel before 5.15.3 fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can for example lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.

...

CVSS: 5.5, AI score: 7.2, EPSS: 0.01339
Exploits: 1
OSV
added 2022/03/23 8:15 p.m., 0 views

DEBIAN-CVE-2021-4149

A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem...

CVSS: 5.5, AI score: 5.9, EPSS: 0.004
Exploits: 1, References: 1
OSV
added 2022/03/23 8:15 p.m., 1 view

UBUNTU-CVE-2021-4149

A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem...

CVSS: 5.5, AI score: 6.6, EPSS: 0.004
Exploits: 1, References: 7