141 matches found
CVE-2022-48357
Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service DoS attacks to the kernel...
SUSE CVE-2020-15168
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...
SUSE CVE-2021-3621
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...
SUSE CVE-2022-2596
Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10...
CVE-2022-4710
The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wprajaxsearchlinktarget' parameter in the 'datafetch' function. This makes it possibl...
The vulnerability of the Background Fetch component in Google Chrome and Microsoft Edge browsers allows attackers to disclose protected information.
The vulnerability of the Background Fetch component in Google Chrome and Microsoft Edge is related to access control deficiencies. Exploiting this vulnerability can allow a malicious actor to disclose protected information through a specially created web page...
4i18n-cli (>=0.0.2 <=0.0.7), @about7sharks/get-articles (>=0.0.1 <=0.0.22) +114 more potentially affected by CVE-2022-2596 via node-fetch (>=3.0.0 <=3.2.1)
node-fetch NPM version =3.0.0, =0.0.2, =0.0.1, =1.1.0, =1.273.2, =1.0.0, =7.0.0, =2.14.0, =0.9.0, =0.10.1, =0.5.1, =0.7.0 and more Source cves: CVE-2022-2596 Source advisory: OSV:GHSA-VP56-6G26-6827...
UBUNTU-CVE-2021-4207
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor-header.width and cursor-header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use...
PT-2022-7286
Name of the Vulnerable Software and Affected Versions git versions prior to 1.11.0 Description The issue is related to Command Injection via git argument injection. When calling the fetchremote = 'origin', opts = function, the remote parameter is passed to the git fetch subcommand in a way that...
Command Injection
Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are...
CVE-2021-22041
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...
Double free
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...
CVE-2021-22041
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...
CVE-2021-22041
CVE-2021-22041 is a double-fetch vulnerability in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. The flaw allows a malicious actor with local VM-level administrative privileges to execute code as the VMX process running on the host, via isochronous USB endpoints. Red Hat ...
VMSA-2022-0004:VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities
Advisory ID: VMSA-2022-0004 CVSSv3 Range: 5.3-8.4 Issue Date:2022-02-15 Updated On: 2022-02-15 Initial Advisory CVEs: CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050 Synopsis: VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities...
Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch
Description The Authorization header leaks from same hostname https-http redirect. If https://example.com redirects to http://example.com, then an attacker who can listen in on the wire or perform a MITM attack will be able to receive the Authorization header due to the use of the insecure HTTP...
The vulnerability of the fetch module in the Ansible configuration management system stems from deficiencies in path name restrictions, allowing attackers to access confidential data and compromise its integrity.
The vulnerability of the fetch module in the Ansible configuration system is related to deficiencies in pathname restrictions for directories. Exploiting this vulnerability could allow an attacker to access confidential data and compromise its integrity...
CVE-2022-0235
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...
PT-2021-7962 · Sssd +10 · Sssd +10
Name of the Vulnerable Software and Affected Versions: SSSD affected versions not specified Description: The issue is related to the sssctl command in the SSSD service, which lacks input sanitization measures. This allows a remote attacker to exploit the vulnerability, potentially gaining access ...
The vulnerability of the node-fetch library in the Aurora Center’s application software, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the node-fetch library in Aurora Application Software is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to deny services through a specially crafted regular expression...