23 matches found
EUVD-2018-0199
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-16042
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command...
MAL-2024-6765 Malicious code in battery-growl (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in battery-growl (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious Package
Overview battery-growl is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using battery-growl...
Growl Command Execution Vulnerability
Growl is a notification system that supports Node.js. A security vulnerability exists in Growl versions prior to 1.10.2 that stems from the program failing to properly filter input before passing it to shell commands. An attacker can exploit the vulnerability to execute arbitrary commands...
GHSA-QH2H-CHJ9-JFFQ Growl before 1.10.0 vulnerable to Command Injection
Affected versions of growl do not properly sanitize input prior to passing it into a shell command, allowing for arbitrary command execution. Recommendation Update to version 1.10.0 or later...
Growl before 1.10.0 vulnerable to Command Injection
Affected versions of growl do not properly sanitize input prior to passing it into a shell command, allowing for arbitrary command execution. Recommendation Update to version 1.10.0 or later...
helper-clockmaker (=1.0.3), jasmine-runner (>=0.1.0 <=0.2.9) +1 more potentially affected by CVE-2017-16042 via growl (=1.0.2)
growl NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on growl and may be impacted: - helper-clockmaker =1.0.3 - jasmine-runner =0.1.0, =0.6.2, =0.8.0 Source cves: CVE-2017-16042 Source advisory: OSV:GHSA-QH2H-CHJ9-JFFQ...
CVE-2017-16042
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...
AZL-44547 CVE-2017-16042 affecting package js-jquery 3.5.0-4
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...
CVE-2017-16042
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...
CVE-2017-16042
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...
DEBIAN-CVE-2017-16042
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...
CVE-2017-16042
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...
Command injection
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...
UBUNTU-CVE-2017-16042
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...
CVE-2017-16042
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...
CVE-2017-16042
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...
CVE-2017-16042
The CVE-2017-16042 entry concerns Growl for Node.js. Affected: growl prior to version 1.10.2. Root cause: input is not properly sanitized before being passed to exec, enabling arbitrary command execution. Impact: remote command execution via crafted input in the Growl integration for nodejs. Expl...