2659 matches found

Veracode
added 2021/03/16 5:52 a.m., 16 views

Arbitrary Command Injection

kill-process-by-name is vulnerable to arbitrary command injection. The vulnerability exists due to the use of the child_process exec function without input sanitization in the index.js file...

9.8 CVSS, 3.6 AI score, 0.01432 EPSS
Exploits 1, References 1, Affected Software 1

Veracode
added 2021/03/16 3:48 a.m., 14 views

Remote Code Execution (RCE)

ps-kill is vulnerable to remote code execution. The child_process exec function in the index.js file does not sanitize the user-provided data passed to the kill function, allowing execution of malicious code via var pskill = require'ps-kill'; pskill.kill'$touch success',function;...

9.8 CVSS, 4.8 AI score, 0.01432 EPSS
Exploits 1, References 1, Affected Software 1

NVD
added 2021/03/15 5:15 p.m., 10 views

CVE-2021-23356

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file...

9.8 CVSS, 0.01432 EPSS
Exploits 1, References 1

Prion
added 2021/03/15 5:15 p.m., 16 views

Input validation

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file...

7.5 CVSS, 9.6 AI score, 0.01432 EPSS
Exploits 1, References 1

Prion
added 2021/03/15 5:15 p.m., 16 views

Design/Logic Flaw

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. PoC provided by...

7.5 CVSS, 9.6 AI score, 0.01432 EPSS
Exploits 1, References 1

CVE
added 2021/03/15 4:40 p.m., 53 views

CVE-2021-23355

CVE-2021-23355 affects all versions of the npm package ps-kill. The vulnerability arises from unsafely passing attacker-controlled input to Node.js’s child_process.exec in the index.js kill function, enabling arbitrary command execution. Proof-of-concept demonstrates invoking a shell command via...

9.8 CVSS, 7.8 AI score, 0.01432 EPSS
Exploits 1, References 1, Affected Software 1

Cvelist
added 2021/03/15 4:40 p.m., 13 views

CVE-2021-23356 Arbitrary Command Injection

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file...

5.6 CVSS, 9.9 AI score, 0.01432 EPSS
Exploits 1, References 1

ATTACKERKB
added 2021/03/15 4:38 p.m., 2 views

CVE-2021-23356

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file...

9.8 CVSS, 5.8 AI score, 0.01432 EPSS
Exploits 1, References 2

Veracode
added 2021/03/15 11:06 a.m., 18 views

OS Command Injection

portkiller is vulnerable to OS command injection. An attacker is able to inject and execute malicious commands via the child_process exec function, as it does not sanitize the input...

8.8 CVSS, 4.3 AI score, 0.0038 EPSS
Exploits 1, References 2, Affected Software 2

Trend Micro Simply Security
added 2021/03/15 12:00 a.m., 5 views

Amazon ECS Exec Now Works with Containers in AWS Fargate

Building in containers offers amazing benefits for development teams – speed, agility, flexibility, scalability, etc...

3.3 AI score
Exploits 0

OSV
added 2021/03/11 5:15 p.m., 1 views

DEBIAN-CVE-2021-21381

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Flatpak since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be...

8.2 CVSS, 7.3 AI score, 0.00118 EPSS
Exploits 0, References 1

OSV
added 2021/03/11 5:15 p.m., 0 views

UBUNTU-CVE-2021-21381

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Flatpak since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be...

8.2 CVSS, 7.3 AI score, 0.00118 EPSS
Exploits 0, References 10

CVE
added 2021/03/11 3:47 p.m., 80 views

CVE-2021-27082

CVE-2021-27082 affects the Microsoft Quantum Development Kit for Visual Studio Code (and related components). The connected Nessus record describes a remote code execution vulnerability where a victim who opens specially crafted content could have arbitrary code executed on the system, with the a...

9.3 CVSS, 7.8 AI score, 0.07083 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2021/03/11 3:42 p.m., 79 views

CVE-2021-26890

CVE-2021-26890 is associated with Microsoft Application Virtualization (App-V). CNNVD’s entry describes a code-injection vulnerability affecting App-V across a range of Windows client/server SKUs (e.g., Windows 10 versions 1809–20H2, Windows Server 2019/2022 variants, and Server Core builds). NVD...

7.8 CVSS, 8.3 AI score, 0.00685 EPSS
Exploits 0, References 1, Affected Software 3

Cvelist
added 2021/03/11 12:00 a.m., 16 views

CVE-2021-21381 Sandbox escape via special tokens in .desktop file

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Flatpak since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be...

7.1 CVSS, 8.3 AI score, 0.00118 EPSS
Exploits 0, References 10

Tenable Nessus
added 2021/03/03 12:00 a.m., 416 views

Veritas Backup Exec Remote Agent 16.x < 21.2 Multiple Vulnerabilities (VTS21-001)

The version of Veritas Backup Exec Remote Agent installed on the remote Windows host is 16.x prior to 21.2. It is, therefore, affected by multiple vulnerabilities, as follows: - An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires...

9.8 CVSS, 9.1 AI score, 0.40344 EPSS
Exploits 6, References 4

NCSC
added 2021/03/02 12:00 a.m., 2 views

Vulnerabilities fixed in Veritas Backup Exec

Veritas has fixed three vulnerabilities in Veritas Backup Exec. The vulnerabilities allow an unauthenticated remote malicious person to execute commands under SYSTEM privileges on systems on which a Veritas Backup Exec Agent is installed. In addition, the vulnerabilities can be...

7.5 AI score
Exploits 0

OSV
added 2021/03/01 10:15 p.m., 2 views

CVE-2021-27878

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...

8.8 CVSS, 7.7 AI score, 0.0109 EPSS
Exploits 4, References 3

NVD
added 2021/03/01 10:15 p.m., 21 views

CVE-2021-27876

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...

8.1 CVSS, 0.00908 EPSS
Exploits 4, References 3

OSV
added 2021/03/01 10:15 p.m., 2 views

CVE-2021-27877

An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this schem...

9.8 CVSS, 7.5 AI score, 0.40344 EPSS
Exploits 4, References 3