Injection Vulnerability

go has injection vulnerability. The vulnerability exists due to a lack of sanitization in Cmd.Start in os/exec allowing execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...

bear (=0.1.0), proud-badge (>=0.0.1 <=0.0.5) +1 more potentially affected by CVE-2020-28438 via deferred-exec (=0.3.1)

deferred-exec NPM version =0.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on deferred-exec and may be impacted: - bear =0.1.0 - proud-badge =0.0.1, =0.0.1, =0.0.4 Source cves: CVE-2020-28438 Source advisory: OSV:GHSA-54W4-2F2P-F48H...

deferred-exec Command Injection vulnerability

A command injection vulnerability affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js...

GHSA-54W4-2F2P-F48H deferred-exec Command Injection vulnerability

A command injection vulnerability affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js...

Code injection

This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js...

CVE-2020-28438 Command Injection

This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js...

CVE-2020-28438

CVE-2020-28438 affects all versions of the npm package deferred-exec. The vulnerability is a command injection in the deferred-exec.js file, with the injection point at line 42 in lib/deferred-exec.js. Multiple sources describe the issue as a command injection affecting the package, without detai...

PT-2022-8894 · Unknown · Deferred-Exec

Name of the Vulnerable Software and Affected Versions: deferred-exec affected versions not specified Description: A command injection issue affects the package. The injection point is located in line 42 in lib/deferred-exec.js. Recommendations: At the moment, there is no information about a newer...

deferred-exec 命令注入漏洞

deferred-exec is a tool for running exec commands by Dan Heberden, an individual developer in the United States. A security vulnerability exists in deferred-exec, which stems from a command injection attack injection point in deferred-exec.js...

deterministic-wasi-ctx (=0.1.3), enarx (>=0.5.0 <=0.5.1) +8 more potentially affected by CVE-2022-31146 via wasmtime (=0.37.0)

wasmtime CARGO version =0.37.0 is affected by a known vulnerability. The following packages have a transitive dependency on wasmtime and may be impacted: - deterministic-wasi-ctx =0.1.3 - enarx =0.5.0, =0.5.1 - enarx-exec-wasmtime =0.5.1 - wasi-tokio =0.37.0 - wasmtime-cli-flags =0.37.0 -...

CVE-2022-31212

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied...

DEBIAN-CVE-2022-31212

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied...

Stack overflow

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied...

UBUNTU-CVE-2022-31212

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied...

CVE-2022-31212

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied...

CVE-2022-31212

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied...

Sourcegraph gitserver sshCommand RCE

A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration. This command can then be triggered on demand by executing a git push operation. The vulnerability was...

Sourcegraph gitserver sshCommand Remote Command Execution Exploit

A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration. This command can then be triggered on demand by executing a git push operation. The vulnerability was...

CVE-2022-22038 Remote Procedure Call Runtime Remote Code Execution Vulnerability

...

Oracle Linux 8 : go-toolset:ol8addon (ELSA-2022-17956)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-17956 advisory. go-toolset 1.18.3-1 - Update to golang 1.18.3 golang 1.18.3-1.0.1 - Rebase to 1.18.3 by adding upstream patches to the 1.18.0 openssl-fips - Modify...