This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js.
Category Archives: Advisories
CVE-2020-28451
CVE-2020-28453
This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js.
CVE-2020-7795
The package get-npm-package-version before 1.0.7 are vulnerable to Command Injection via main function in index.js.
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.
golang-1.18.5-1.fc36
FEDORA-2022-1f829990f0
Packages in this update:
golang-1.18.5-1.fc36
Update description:
go1.18.5 includes security fixes to the encoding/gob and math/big packages, as well as bug fixes to the compiler, the go command, the runtime, and the testing package.
ZDI-22-1037: NetBSD Kernel getkerninfo System Call Uninitialized Memory Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of NetBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-1036: NetBSD Kernel stat System Call Uninitialized Memory Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of NetBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-1038: Lexmark MC3224i Firmware Downgrade Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability.
Backdoor.Win32.Destrukor.20 / Unauthenticated Remote Command Execution
Posted by malvuln on Aug 01
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/c790749f851d48e66e7d59cc2e451956_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Destrukor.20
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 6969. Third-party adversaries
who can reach infected hosts can run commands made available by the…