CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35897
https://notcve.org/view.php?id=CVE-2020-35897
31 Dec 2020 — An issue was discovered in the atom crate before 0.3.6 for Rust. An unsafe Send implementation allows a cross-thread data race. Se detectó un problema en la crate atom versiones anteriores a 0.3.6 para Rust. Una implementación de Envío no segura permite una carrera de datos entre subprocesos. • https://rustsec.org/advisories/RUSTSEC-2020-0044.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10620
https://notcve.org/view.php?id=CVE-2016-10620
01 Jun 2018 — atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. atom-node-module-installer instala módulos de node para las aplicaciones atom-shell. atom-node-module-installer desc... • https://nodesecurity.io/advisories/216 • CWE-310: Cryptographic Issues CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.3EPSS: 93%CPEs: 14EXPL: 5CVE-2018-1000006 – Google Web Designer URI Parsing Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-1000006
24 Jan 2018 — GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16. GitHub Electron en versiones 1.8.2-beta.3 y anteriores, 1.7.10 y anteriores y 1.6.15 y anteriores tiene una vulnerabili... • https://packetstorm.news/files/id/146947 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-1000424
https://notcve.org/view.php?id=CVE-2017-1000424
02 Jan 2018 — Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control. Github Electron, de las versiones 1.6.4 a la 1.6.11 y 1.7.0 a 1.7.5, es vulnerable a un problema de suplantación de URL al abrir PDF en PDFium. Esto resulta en la carga de PDF arbitrarios que pueden ser controlados por un hacker. • https://github.com/electron/electron/pull/10008 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1202
https://notcve.org/view.php?id=CVE-2016-1202
25 Apr 2016 — Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line. Vulnerabilidad de ruta de búsqueda no confiable en Atom Electron en versiones anteriores a 0.33.5 permite a usuarios locales obtener privilegios a través de un módulo Node.js troyano en un directorio padre de un directorio nombrado en una linea requerida. • http://jvn.jp/en/jp/JVN00324715/index.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2007-3134 – Atom Photoblog 1.0.1/1.0.9 - 'AtomPhotoblog.php' Multiple Input Validation Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-3134
08 Jun 2007 — Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.php in Atom PhotoBlog 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Your Name, (2) Your Homepage, and (3) Your Comment fields, when using "Approve Comments." Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en atomPhotoBlog.php de Atom PhotoBlog 1.0.9 y versiones anteriores permiten a atacantes remotos inyectar scripts web o HTML de su elección mediante los campos (... • https://www.exploit-db.com/exploits/30161 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2007-3135
https://notcve.org/view.php?id=CVE-2007-3135
08 Jun 2007 — Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom Photoblog 1.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en atomPhotoBlog.php de Atom Photoblog 1.0.9 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro tag. • http://osvdb.org/37046 •