12 matches found
EUVD-2021-0900
Malware in sbrugna...
CVE-2023-27197
PAX A930 device with PayDroid 7.1.1 Virgo V04.5.02 20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability...
PT-2023-20998 · Pax · Pax A930 +1
Name of the Vulnerable Software and Affected Versions: PAX A930 device with PayDroid version 7.1.1 Virgo V04.5.02 20220722. Description: The issue allows an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell...
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath)
A command injection vulnerability affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath)...
CVE-2020-28447 Command Injection
This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath)...
CVE-2021-43308
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function...
PT-2022-11820 · Npm · Markdown-Link-Extractor
Name of the Vulnerable Software and Affected Versions: markdown-link-extractor npm package (affected versions not specified). Description: The issue is related to an exponential ReDoS (Regular Expression Denial of Service) that can be triggered when an attacker supplies arbitrary input to the module's...
Softing OPC UA C++ SDK Buffer Error Vulnerability
The Softing OPC UA C++ SDK is a development kit from Softing Germany. It is used to quickly and easily integrate OPC UA clients and servers. A buffer error vulnerability exists in the Softing OPC-UA C++ SDK that stems from an exported library function that does not properly validate received...
GHSA-2CF2-2383-H4JV Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...
GHSA-487W-PQCM-63HQ Command injection in buns
There is a command injection vulnerability in all versions of package buns. The injection point is located in line 678 in index file lib/index.js in the exported function install(requestedModule)...
CVE-2020-7794
This affects all versions of package buns. The injection point is located in line 678 in index file lib/index.js in the exported function install(requestedModule)...
Code injection
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...