200101WhoAmI

7 exploits Active since Sep 2023
CVE-2024-20746 NOMISEC HIGH
Premiere Pro <24.1, 23.6.2 - Code Injection
Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS 7.8
CVE-2024-22526 NOMISEC MEDIUM WRITEUP
Bandisoft BandiView 7.0 - Buffer Overflow
Buffer overflow vulnerability in Bandisoft BandiView v7.0 allows local attackers to cause a denial of service (DoS) via an EXR image file.
CVSS 5.5
CVE-2024-23339 NOMISEC MEDIUM WRITEUP
Elijahharry Hoolock < 2.2.1 - Prototype Pollution
hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (`get`, `set`, and `update`) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the `get`, `set` and `update` functions throw a `TypeError` when a user attempts to access or alter inherited properties.
CVSS 6.3
CVE-2024-27088 NOMISEC NONE WORKING POC
es5-ext - Info Disclosure
es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.
CVE-2023-45827 NOMISEC HIGH WRITEUP
Clickbar Dot-diver < 1.0.2 - Prototype Pollution
Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the `setByPath` function which can lead to remote code execution (RCE). This issue has been addressed in commit `98daf567` which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds to this vulnerability.
CVSS 7.3
CVE-2023-50245 NOMISEC CRITICAL WRITEUP
Afichet Openexr Viewer < 0.6.1 - Buffer Overflow
OpenEXR-viewer is a viewer for OpenEXR files with detailed metadata probing. Versions prior to 0.6.1 have a memory overflow vulnerability. This issue is fixed in version 0.6.1.
CVSS 9.8
CVE-2023-43646 NOMISEC HIGH WORKING POC
get-func-name <2.0.1 - DoS
get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (ReDoS) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. This vulnerability can be triggered using the following input: `'\t'.repeat(54773) + '\t/function/i'`. This issue has been addressed in commit `f934b228b` which has been included in releases from 2.0.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 8.6