Giovannipajeu1

**Name of the Vulnerable Software and Affected Versions** Postman versions 10.22 and earlier **Description** The issue allows a remote attacker to execute arbitrary code via the `RunAsNode` and `enableNodeClilnspectArguments` settings. It is related to a buffer overflow when handling PDF files without checking the size of the input data. The vendor disputes the report's accuracy, stating that the configuration does not enable remote code execution. **Recommendations** For Postman versions 10.22 and earlier, as a temporary workaround, consider disabling the `RunAsNode` and `enableNodeClilnspectArguments` settings until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Discord for macOS version 0.0.291 and before **Description** An issue in Discord for macOS allows remote attackers to execute arbitrary code via the `RunAsNode` and `enableNodeClilnspectArguments` settings. **Recommendations** For Discord for macOS version 0.0.291 and before, update to a version later than 0.0.291 to resolve the issue. As a temporary workaround, consider disabling the `RunAsNode` and `enableNodeClilnspectArguments` settings until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Kap for macOS versions 3.6.0 and earlier **Description** The issue allows remote attackers to execute arbitrary code via the `RunAsNode` and `enableNodeClilnspectArguments` settings. **Recommendations** For Kap for macOS versions 3.6.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hyper versions 3.4.1 and earlier **Description** The issue allows remote attackers to execute arbitrary code via the `RunAsNode` and `enableNodeClilnspectArguments` settings. **Recommendations** For Hyper versions 3.4.1 and earlier, consider disabling the `RunAsNode` and `enableNodeClilnspectArguments` settings as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Loom on macOS version 0.196.1 and before **Description** An issue in Loom allows remote attackers to execute arbitrary code via the `RunAsNode` and `enableNodeClilnspectArguments` settings. The vendor disputes this issue because it requires local access to a victim's machine. **Recommendations** For Loom on macOS version 0.196.1 and before, as a temporary workaround, consider disabling the `RunAsNode` and `enableNodeClilnspectArguments` settings until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Evernote for MacOS version 10.68.2 **Description** An issue in Evernote for MacOS allows a remote attacker to execute arbitrary code via the `RunAsNode` and `enableNodeClilnspectArguments` components. This is related to a buffer overflow in memory. The exploitation of this issue can allow a remote attacker to execute arbitrary code. **Recommendations** For Evernote for MacOS version 10.68.2, upgrade to the latest version (10.72.2) as soon as possible. As a temporary workaround, consider disabling the `RunAsNode` and `enableNodeClilnspectArguments` components until a patch is applied. Restrict access to these components to minimize the risk of exploitation.