
109 matches found

FreeBSD Advisory
added 2021/05/26 12:0 a.m., 21 views

FreeBSD-SA-21:11.smap

FreeBSD-SA-21:11.smap Security Advisory, The FreeBSD Project. Topic: SMAP bypass. Category: core. Module: amd64. Announced: 2021-05-26. Credits: I lost my dog if you see him...

7.5 CVSS, 7 AI score, 0.0019 EPSS
Exploits: 1
Github Security Blog
added 2020/07/30 2:58 p.m., 40 views

False-positive validity for NFT1 genesis transactions in SLPJS

Impact: In the npm package named "slpjs", versions prior to 0.27.4 are vulnerable to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the...

7.5 CVSS, 0.8 AI score, 0.00237 EPSS
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2020/06/18 8:15 p.m., 10 views

CVE-2020-4059

In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...

7.3 CVSS, 7.8 AI score
Exploits: 0, References: 2
NVD
added 2020/06/18 8:15 p.m., 10 views

CVE-2020-4059

In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...

7.5 CVSS, 0.02075 EPSS
Exploits: 0, References: 2
Prion
added 2020/06/18 8:15 p.m., 10 views

Command injection

In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...

7.5 CVSS, 7.8 AI score, 0.02075 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2020/06/18 7:25 p.m., 53 views

CVE-2020-4059

CVE-2020-4059 affects the mversion library (pre-2.0.0). The vulnerability is a command injection in the library’s internal workflow, which could lead to remote code execution when a client calls the vulnerable method with untrusted input. The issue is fixed in version 2.0.0; older releases are de...

7.5 CVSS, 7.7 AI score, 0.02075 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2020/06/18 7:25 p.m., 12 views

CVE-2020-4059 Command Injection in mversion

In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...

7.3 CVSS, 7.8 AI score, 0.02075 EPSS
Exploits: 0, References: 2
Hacker One
added 2020/06/18 7:24 p.m., 112 views

Mail.ru: Sensitive information exposure via git commit

Token for a test ICQ bot account was leaked via git commit data for opensource Jira plugin...

2.9 AI score
Exploits: 0
OSV
added 2020/06/18 7:23 p.m., 24 views

GHSA-QJG4-W4C6-F6C6 Command injection in mversion

Impact: This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. Patches: Patched by version 2.0.0. Previous releases are deprecated in npm. Workarounds: Make sure to escape git commit messages when using the commitMessage option for t...

7.3 CVSS, 7.5 AI score, 0.02075 EPSS
Exploits: 0, References: 3
Github Security Blog
added 2020/06/18 7:23 p.m., 32 views

Command injection in mversion

Impact: This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. Patches: Patched by version 2.0.0. Previous releases are deprecated in npm. Workarounds: Make sure to escape git commit messages when using the commitMessage option for t...

7.5 CVSS, 3.8 AI score, 0.02075 EPSS
Exploits: 0, References: 4, Affected Software: 1
Hacker One
added 2020/05/24 11:57 a.m., 9 views

Node.js third-party modules: [last-commit-log] Command Injection

I would like to report Command Injection in last-commit-log. It allows execution of arbitrary commands. Module: module name: last-commit-log, version: [email protected], npm page: https://www.npmjs.com/package/last-commit-log. Module Description: Node.js module to get the last git commit information...

1.5 AI score
Exploits: 0
UbuntuCve
added 2020/02/24 5:15 p.m., 21 views

CVE-2020-9366

A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact...

9.8 CVSS, 7.3 AI score, 0.00729 EPSS
Exploits: 0, References: 4
OPENSUSE Linux
added 2019/07/14 12:0 a.m., 178 views

Security update for helm (moderate)

openSUSE Security Update: Security update for helm. Announcement ID: openSUSE-SU-2019:1703-1. Rating: moderate. References: 1118897 1118898 1118899. Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875. Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12. An update that fixes thr...

8.1 CVSS, 7.7 AI score, 0.56804 EPSS
Exploits: 0, References: 3
UbuntuCve
added 2019/07/11 12:0 a.m., 31 views

CVE-2019-1010315

WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig dsdiff.c:282. The attack vector is: Maliciously crafted .wav file. The fixed...

5.5 CVSS, 6.4 AI score, 0.00815 EPSS
Exploits: 1, References: 4
NVD
added 2018/05/24 1:29 p.m., 21 views

CVE-2018-1000199

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint that can result in crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...

5.5 CVSS, 6.9 AI score, 0.00478 EPSS
Exploits: 0, References: 15
Prion
added 2018/05/24 1:29 p.m., 41 views

Design/Logic Flaw

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint that can result in crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...

4.9 CVSS, 6.7 AI score, 0.00478 EPSS
Exploits: 0, References: 15, Affected Software: 10
Debian CVE
added 2018/05/24 1:0 p.m., 52 views

CVE-2018-1000199

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint that can result in crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...

5.5 CVSS, 7.5 AI score, 0.00478 EPSS
Exploits: 0
CVE
added 2018/05/24 1:0 p.m., 339 views

CVE-2018-1000199

The CVE-2018-1000199 entry concerns the Linux kernel (v3.18) where modify_user_hw_breakpoint() contains a ptrace-related handling flaw. This flaw can allow a local attacker to crash the kernel and, per other sources, may enable memory corruption or local code execution via ptrace. The issue is ro...

5.5 CVSS, 7 AI score, 0.00478 EPSS
Exploits: 0, References: 15, Affected Software: 1
Cvelist
added 2018/05/24 1:0 p.m., 31 views

CVE-2018-1000199

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint that can result in crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...

7.2 AI score, 0.00478 EPSS
Exploits: 0, References: 15
Kitploit
added 2018/05/01 9:18 p.m., 14 views

Gitmails - An Information Gathering Tool To Collect Git Commit Emails In Version Control Host Services

An information gathering tool to collect git commit emails in version control host services. Overview: Gitmails explores the fact that git commits contain a name and an email configured by the author and that version control host services are being used to store a lot of projects. What Gitmails does is:...

7.4 AI score
Exploits: 0, References: 2