Lucene search

6 matches found

Patchstack
added 2026/05/14 8:30 p.m. · 4 views

NPM: electerm's encrypt method not safe enough

NPM: electerm's encrypt method not safe enough vulnerability discovered by ? in WordPress Npm electerm versions 3.9.5...

6 CVSS · 5.8 AI score · 0.00009 EPSS
Exploits 0 · References 3 · Affected Software 1
RedhatCVE
added 2025/05/23 5:38 a.m. · 3 views

CVE-2023-26155

All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...

9.8 CVSS · 7.6 AI score · 0.00155 EPSS
Exploits 1 · References 1
Cvelist
added 2024/06/13 11:27 a.m. · 18 views

CVE-2024-34113 ColdFusion | Weak Cryptography for Passwords (CWE-261)

ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the...

5.5 CVSS · 0.00025 EPSS
Exploits 0 · References 1
OSV
added 2023/10/14 6:30 a.m. · 0 views

GHSA-FPR8-4WVX-J9Q3 node-qpdf vulnerable to command injection

All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...

7.3 CVSS · 6.1 AI score · 0.00155 EPSS
Exploits 1 · References 4
Positive Technologies
added 2023/10/13 12:0 a.m. · 2 views

PT-2023-20534 · Node-Qpdf · Node-Qpdf

Name of the Vulnerable Software and Affected Versions: node-qpdf versions all. Description: The issue arises from the encrypt method failing to sanitize its parameter input, which later flows into a sensitive command execution API. This allows attackers to inject malicious commands once they can...

9.8 CVSS · 9.7 AI score · 0.00155 EPSS
Exploits 1 · References 8
Positive Technologies
added 2019/01/19 12:0 a.m. · 3 views

PT-2019-1354 · Gnupg +2 · Python-Gnupg +2

Name of the Vulnerable Software and Affected Versions: python-gnupg version 0.4.3. Description: The issue is related to improper input validation, allowing context-dependent attackers to trick gnupg into decrypting other ciphertext than intended. This can be achieved if the passphrase to gnupg is...

7.5 CVSS · 7.8 AI score · 0.21434 EPSS
Exploits 2 · References 66