14 matches found
Security Bulletin: Vulnerabilities in Eran Hammer cryptiles, PostCSS, Node.js, node-notifier, es5-ext, MySQL Connectors, json-path and tough-cookie might affect IBM Storage Defender Copy Data Management
Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Eran Hammer cryptiles, PostCSS, Node.js, node-notifier, es5-ext, MySQL Connectors, json-path and tough-cookie. Vulnerabilities include an attacker is able to brute force something that was supposed to be random, ...
EUVD-2020-1483
Malware in sbrugna...
RHEL 7 / 8 : Red Hat Ansible Automation Platform 1.2.2 (RHSA-2021:0781)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0781 advisory. Red Hat Ansible Automation Platform integrates Red Hat's automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine,...
Security Bulletin: IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vulnerable to multiple vulnerabilities
Summary: IBM Watson Machine Learning Accelerator on Cloud Pak for Data is affected by opennms-opennms-source-26.0.0-1 dependent packages. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2020-8116 DESCRIPTION: Node.js dot-prop could allow a...
Malicious code in nodenotiier (npm)
Source: ghsa-malware 914779ec8a28d8e69a3d7753cc1808a99f9d3030ed7ed56f6357e1d953ac8fb6. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
nodejs-node-notifier: command injection due to the options params not being sanitised when being passed an array
A flaw was found in node-notifier. An attacker can run arbitrary commands on Linux machines due to the options params not being sanitized when being passed an array...
Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 1.2.2 security and bug fix update
An update is now available for Red Hat Ansible Automation Platform 1.2.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
OS Command Injection in node-notifier
This affects the package node-notifier before 8.0.1. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array...
GHSA-5FW9-FQ32-WV5P OS Command Injection in node-notifier
This affects the package node-notifier before 8.0.1. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array...
CVE-2020-7789
A flaw was found in node-notifier. An attacker can run arbitrary commands on Linux machines due to the options params not being sanitized when being passed an array...
CVE-2020-7789
This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array...
CVE-2020-7789
CVE-2020-7789 affects the package node-notifier prior to 9.0.0. The flaw allows an attacker to run arbitrary commands on Linux machines because the options params are not sanitised when passed as an array. Remediation: upgrade node-notifier to a fixed version (9.0.0 or newer). The connected docum...
Mikaelbr Node-notifier Operating System Command Injection Vulnerability
Mikaelbr Node-notifier is a JavaScript-based codebase for sending notifications on Mac, Windows, and Linux by the individual developer Mikaelbr. A security vulnerability exists in node-notifier versions prior to 9.0.0, which allows an attacker to exploit the vulnerability to run arbitrary commands on a...
Command Injection
Overview: node-notifier is a Node.js module for sending notifications on native Mac, Windows (post and pre 8) and Linux (or Growl as fallback). Affected versions of this package are vulnerable to Command Injection. It allows an attacker to run arbitrary commands on Linux machines due to the options...