PT-2022-33330 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4 Description: The issue is related to the ALSA timer and the use of a deferred fasync helper. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

PT-2022-33329 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4 Description: The issue is related to the ALSA pcm and the use of a deferred fasync helper. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

Command Injection

deferred-exec is vulnerable to command injection. The vulnerability exists in deferredChildProcess function in deferred-exec.js because the command execution is not properly validated which allows an attacker to inject and execute malicious commands...

bear (=0.1.0), proud-badge (>=0.0.1 <=0.0.5) +1 more potentially affected by CVE-2020-28438 via deferred-exec (=0.3.1)

deferred-exec NPM version =0.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on deferred-exec and may be impacted: - bear =0.1.0 - proud-badge =0.0.1, =0.0.1, =0.0.4 Source cves: CVE-2020-28438 Source advisory: OSV:GHSA-54W4-2F2P-F48H...

deferred-exec Command Injection vulnerability

A command injection vulnerability affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js...

GHSA-54W4-2F2P-F48H deferred-exec Command Injection vulnerability

A command injection vulnerability affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js...

Code injection

This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js...

CVE-2020-28438 Command Injection

This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js...

CVE-2020-28438

CVE-2020-28438 affects all versions of the npm package deferred-exec. The vulnerability is a command injection in the deferred-exec.js file, with the injection point at line 42 in lib/deferred-exec.js. Multiple sources describe the issue as a command injection affecting the package, without detai...

deferred-exec 命令注入漏洞

deferred-exec is a tool for running exec commands by Dan Heberden, an individual developer in the United States. A security vulnerability exists in deferred-exec, which stems from a command injection attack injection point in deferred-exec.js...

PT-2022-8894 · Unknown · Deferred-Exec

Name of the Vulnerable Software and Affected Versions: deferred-exec affected versions not specified Description: A command injection issue affects the package. The injection point is located in line 42 in lib/deferred-exec.js. Recommendations: At the moment, there is no information about a newer...

Spring Security 5.8.0-M1 and 6.0.0-M6 are released

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 5.8.0-M1 and 6.0.0-M6 are available now. This release includes dependency upgrades, bug fixes, and enhancements. Here are a few noteworthy changes: Deferred SecurityContext lookup...

CVE-2022-32325

JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c...

MAL-2022-6252 Malicious code in spotify-deferred (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f2665986f80cacf7d64c6c00419b413a689365ff64f0eb34858060afdae10727 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in spotify-deferred (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f2665986f80cacf7d64c6c00419b413a689365ff64f0eb34858060afdae10727 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ac-deferred (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32594b5b047f8c71692c64ec392741a63f3d71131a5891745149aa1ee5f7d3cd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-814 Malicious code in ac-deferred (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32594b5b047f8c71692c64ec392741a63f3d71131a5891745149aa1ee5f7d3cd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Adconion Execs Plead Guilty in Federal Anti-Spam Case

At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct now Amobee have pleaded guilty to lesser misdemeanor charges of fraud and...

GSD-2022-1002506 ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction

ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.311 by commit...

OESA-2022-1612 openvpn security update

OpenVPN can be extended through the --plugin option, which provides possibilities to add specialized authentication, user accounting, packet filtering and related features. These plug-ins need to be written in C and provides a more low-level and information rich access to similar features as the...