143 matches found
MAL-2022-1670 Malicious code in brave-core-crx-packager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d659bff6641ae2eba134b7096de9c5134287f99bb6aad5396c9f30be533d099 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GPAC punch zone overflow vulnerability (CNVD-2021-84265)
GPAC MP4Box is multimedia packager. It is mainly used for working with ISOBMF files e.g. MP4, 3GP, but it can also be used to import/export media from container files such as AVI, MPG, MKV, MPEG-2 TS, and so on. A security vulnerability exists in GPAC MP4Box that originates when a networked syste...
Gpac MP4Box memory leak vulnerability
Gpac MP4Box is a multimedia packager. It is mainly used to process ISOBMF files e.g. MP4, 3GP, but can also be used to import/export media from AVI, MPG, MKV, MPEG-2 TS and other container files.Gpac MP4Box suffers from a memory leak vulnerability that can be exploited by attackers to cause a...
Gpac MP4Box Buffer Overflow Vulnerability (CNVD-2022-04963)
Gpac MP4Box is a multimedia packager. It is mainly used to handle ISOBMF files e.g. MP4, 3GP, but can also be used to import/export media from AVI, MPG, MKV, MPEG-2 TS and other container files.Gpac MP4Box 1.1.0 suffers from a buffer overflow vulnerability that can be exploited by attackers to...
gpac MP4Box安全漏洞
GPAC MP4Box is multimedia packager. It is mainly used for working with ISOBMF files e.g. MP4, 3GP, but it can also be used to import/export media from container files such as AVI, MPG, MKV, MPEG-2 TS, and so on. A security vulnerability exists in GPAC MP4Box that originates when a networked syste...
Gpac MP4Box 缓冲区错误漏洞
Gpac MP4Box is a multimedia packager. It is mainly used to handle ISOBMF files e.g. MP4, 3GP, but can also be used to import/export media from AVI, MPG, MKV, MPEG-2 TS and other container files.Gpac MP4Box 1.1.0 suffers from a buffer overflow vulnerability that can be exploited by attackers to...
GPAC MP4Box code issue vulnerability
GPAC MP4Box is a multimedia packager. It is mainly used to process ISOBMF files e.g. MP4, 3GP, but can also be used to import/export media from AVI, MPG, MKV, MPEG-2 TS and other container files.GPAC MP4Box version 0.8.0 has a security vulnerability, which stems from an issue found in...
fis-nm (>=1.0.0 <=1.0.3), fis-packager-autopack (>=0.0.19 <=0.2.1) +6 more potentially affected by unknown CVE via concat-stream (=1.4.1)
concat-stream NPM version =1.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on concat-stream and may be impacted: - fis-nm =1.0.0, =0.0.19, =0.0.1, =0.0.1, =0.0.5, =0.0.6, =0.4.1, =0.4.0, =0.4.1 Source cves: unknown CVE Source advisory:...
GHSA-Q43M-FFWR-RPCC SSL Validation Defaults to False in electron-packager
Affected versions of electron-packager configure the generated application to disable SSL certificate verification by default. This could allow an attacker with a privileged network position to launch a Man In The Middle MITM attack on the install process, intercepting the step where...
SSL Validation Defaults to False in electron-packager
Affected versions of electron-packager configure the generated application to disable SSL certificate verification by default. This could allow an attacker with a privileged network position to launch a Man In The Middle MITM attack on the install process, intercepting the step where...
Memoro - A Detailed Heap Profiler
Memoro is a highly detailed heap profiler. Memoro not only shows you where and when your program makes heap allocations, but will show you how your program actually used that memory. Memoro collects detailed information on accesses to the heap, including reads and writes to memory and when they...
electron-packager Man-in-the-Middle Attack Vulnerability
electron-packager is a tool for packaging applications into executables based on different platforms. A security vulnerability exists in electron-packager versions 5.2.1 through 6.0.0 and 6.0.0 through 6.0.2, which stems from the '--strict-ssl' command line option being set by default to 'false '...
CVE-2016-10534
electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. The --strict-ssl command line option in electron-packager = 5.2.1 =6.0.0 = 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a...
CVE-2016-10534
electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. The --strict-ssl command line option in electron-packager = 5.2.1 =6.0.0 = 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a...
Command injection
electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. The --strict-ssl command line option in electron-packager = 5.2.1 =6.0.0 = 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a...
CVE-2016-10534
CVE-2016-10534 affects electron-packager where the --strict-ssl option is defaulted to false in versions 5.2.1–6.0.0 and 6.0.0–6.0.2 unless explicitly set to true. This enables potential MITM attacks during Electron downloads for supported targets. Connected advisories corroborate the MITM risk a...
CVE-2016-10534
electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. The --strict-ssl command line option in electron-packager = 5.2.1 =6.0.0 = 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a...
Exploit for CVE-2017-8570
This repository contains a Proof of Concept PoC exploit for CVE-2017-8570, a vulnerability in Microsoft Office that allows an attacker to execute arbitrary code by embedding a malicious script in a Rich Text Format RTF file. The exploit uses the "Packager.dll" file-dropping trick to drop a ".sct"...
CVE-2017-9274
A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...
CVE-2017-9274
A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...