EUVD-2021-0859

Malware in sbrugna...

GHSA-QFXV-QQVG-24PG OS Command Injection in im-metadata

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...

OS Command Injection in im-resize

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization...

Command Injection

Overview aws-lambda is a command line tool deploy code to AWS Lambda. Affected versions of this package are vulnerable to Command Injection. The config.FunctioName is used to construct the argument used within the exec function without any sanitization. It is possible for a user to inject arbitra...

kernel: thp: prevent hugepages during args/env copying into the user stack

mm/hugememory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page THP during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service memory consumption or possibly have unspecified other impact via ...