Lucene search
K

143 matches found

OSV
OSV
added 2022/06/13 6:1 a.m.8 views

MAL-2022-1670 Malicious code in brave-core-crx-packager (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d659bff6641ae2eba134b7096de9c5134287f99bb6aad5396c9f30be533d099 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
CNVD
CNVD
added 2021/10/14 12:0 a.m.8 views

GPAC punch zone overflow vulnerability (CNVD-2021-84265)

GPAC MP4Box is multimedia packager. It is mainly used for working with ISOBMF files e.g. MP4, 3GP, but it can also be used to import/export media from container files such as AVI, MPG, MKV, MPEG-2 TS, and so on. A security vulnerability exists in GPAC MP4Box that originates when a networked syste...

5.5CVSS7.2AI score0.00738EPSS
Exploits1
CNVD
CNVD
added 2021/10/14 12:0 a.m.29 views

Gpac MP4Box memory leak vulnerability

Gpac MP4Box is a multimedia packager. It is mainly used to process ISOBMF files e.g. MP4, 3GP, but can also be used to import/export media from AVI, MPG, MKV, MPEG-2 TS and other container files.Gpac MP4Box suffers from a memory leak vulnerability that can be exploited by attackers to cause a...

5.5CVSS5.2AI score0.00738EPSS
Exploits1References1
CNVD
CNVD
added 2021/10/14 12:0 a.m.21 views

Gpac MP4Box Buffer Overflow Vulnerability (CNVD-2022-04963)

Gpac MP4Box is a multimedia packager. It is mainly used to handle ISOBMF files e.g. MP4, 3GP, but can also be used to import/export media from AVI, MPG, MKV, MPEG-2 TS and other container files.Gpac MP4Box 1.1.0 suffers from a buffer overflow vulnerability that can be exploited by attackers to...

7.5CVSS5AI score0.01166EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/10/12 12:0 a.m.4 views

gpac MP4Box安全漏洞

GPAC MP4Box is multimedia packager. It is mainly used for working with ISOBMF files e.g. MP4, 3GP, but it can also be used to import/export media from container files such as AVI, MPG, MKV, MPEG-2 TS, and so on. A security vulnerability exists in GPAC MP4Box that originates when a networked syste...

5.5CVSS6.2AI score0.00738EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/10/01 12:0 a.m.4 views

Gpac MP4Box 缓冲区错误漏洞

Gpac MP4Box is a multimedia packager. It is mainly used to handle ISOBMF files e.g. MP4, 3GP, but can also be used to import/export media from AVI, MPG, MKV, MPEG-2 TS and other container files.Gpac MP4Box 1.1.0 suffers from a buffer overflow vulnerability that can be exploited by attackers to...

7.5CVSS6AI score0.01166EPSS
Exploits1References4
CNVD
CNVD
added 2021/07/23 12:0 a.m.35 views

GPAC MP4Box code issue vulnerability

GPAC MP4Box is a multimedia packager. It is mainly used to process ISOBMF files e.g. MP4, 3GP, but can also be used to import/export media from AVI, MPG, MKV, MPEG-2 TS and other container files.GPAC MP4Box version 0.8.0 has a security vulnerability, which stems from an issue found in...

5.5CVSS4.8AI score0.008EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2019/06/03 5:26 p.m.4 views

fis-nm (>=1.0.0 <=1.0.3), fis-packager-autopack (>=0.0.19 <=0.2.1) +6 more potentially affected by unknown CVE via concat-stream (=1.4.1)

concat-stream NPM version =1.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on concat-stream and may be impacted: - fis-nm =1.0.0, =0.0.19, =0.0.1, =0.0.1, =0.0.5, =0.0.6, =0.4.1, =0.4.0, =0.4.1 Source cves: unknown CVE Source advisory:...

5.8AI score
Exploits0
OSV
OSV
added 2019/02/18 11:58 p.m.27 views

GHSA-Q43M-FFWR-RPCC SSL Validation Defaults to False in electron-packager

Affected versions of electron-packager configure the generated application to disable SSL certificate verification by default. This could allow an attacker with a privileged network position to launch a Man In The Middle MITM attack on the install process, intercepting the step where...

5.9CVSS5.7AI score0.00952EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2019/02/18 11:58 p.m.28 views

SSL Validation Defaults to False in electron-packager

Affected versions of electron-packager configure the generated application to disable SSL certificate verification by default. This could allow an attacker with a privileged network position to launch a Man In The Middle MITM attack on the install process, intercepting the step where...

5.9CVSS3.8AI score0.00952EPSS
Exploits0References4Affected Software1
Kitploit
Kitploit
added 2018/07/15 10:10 p.m.30 views

Memoro - A Detailed Heap Profiler

Memoro is a highly detailed heap profiler. Memoro not only shows you where and when your program makes heap allocations, but will show you how your program actually used that memory. Memoro collects detailed information on accesses to the heap, including reads and writes to memory and when they...

7AI score
Exploits0References5
CNVD
CNVD
added 2018/06/04 12:0 a.m.3 views

electron-packager Man-in-the-Middle Attack Vulnerability

electron-packager is a tool for packaging applications into executables based on different platforms. A security vulnerability exists in electron-packager versions 5.2.1 through 6.0.0 and 6.0.0 through 6.0.2, which stems from the '--strict-ssl' command line option being set by default to 'false '...

5.9CVSS7AI score0.00952EPSS
Exploits0References1
NVD
NVD
added 2018/05/31 8:29 p.m.19 views

CVE-2016-10534

electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. The --strict-ssl command line option in electron-packager = 5.2.1 =6.0.0 = 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a...

5.9CVSS5.8AI score0.00952EPSS
Exploits0References2
OSV
OSV
added 2018/05/31 8:29 p.m.18 views

CVE-2016-10534

electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. The --strict-ssl command line option in electron-packager = 5.2.1 =6.0.0 = 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a...

5.9CVSS6.1AI score
Exploits0References2
Prion
Prion
added 2018/05/31 8:29 p.m.11 views

Command injection

electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. The --strict-ssl command line option in electron-packager = 5.2.1 =6.0.0 = 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a...

4.3CVSS7.2AI score0.00952EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/05/31 8:0 p.m.69 views

CVE-2016-10534

CVE-2016-10534 affects electron-packager where the --strict-ssl option is defaulted to false in versions 5.2.1–6.0.0 and 6.0.0–6.0.2 unless explicitly set to true. This enables potential MITM attacks during Electron downloads for supported targets. Connected advisories corroborate the MITM risk a...

5.9CVSS5.7AI score0.00952EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/05/31 8:0 p.m.17 views

CVE-2016-10534

electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. The --strict-ssl command line option in electron-packager = 5.2.1 =6.0.0 = 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a...

5.8AI score0.00952EPSS
Exploits0References2
Gitee
Gitee
added 2018/03/27 5:12 p.m.12 views

Exploit for CVE-2017-8570

This repository contains a Proof of Concept PoC exploit for CVE-2017-8570, a vulnerability in Microsoft Office that allows an attacker to execute arbitrary code by embedding a malicious script in a Rich Text Format RTF file. The exploit uses the "Packager.dll" file-dropping trick to drop a ".sct"...

9.3CVSS7.5AI score0.89889EPSS
Exploits14
NVD
NVD
added 2018/03/01 8:29 p.m.16 views

CVE-2017-9274

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

9.3CVSS8.1AI score0.02326EPSS
Exploits0References3
OSV
OSV
added 2018/03/01 8:29 p.m.23 views

CVE-2017-9274

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

7.8CVSS8.2AI score0.02326EPSS
Exploits0References3
Rows per page
Query Builder