2681 matches found
PT-2022-36760 · Git +1 · Mruby
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A crash occurred due to an unknown read issue. The crash state includes functions such as pack unpack, mrb pack unpack, and mrb vm exec. Recommendations: At the moment, there is no...
Low: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Microsoft Windows Scripting Languages Remote Code Execution Vulnerability
Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution...
AZL-79026 CVE-2022-41716 affecting package golang 1.25.7-1
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
CVE-2022-41716 Unsanitized NUL in environment variables on Windows in syscall and os/exec
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
CVE-2022-41716 Unsanitized NUL in environment variables on Windows in syscall and os/exec
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
kernel: posix-cpu-timers: Cleanup CPU timers before freeing them during exec
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b "posix-cpu-timers: Store a reference to a pid not a task" started looking up tasks by PID when deleting a CPU timer. When a non-leader threa...
Improper Neutralization of Null Byte or NUL Character
Overview std/syscall is a Go standard library package std/syscall Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character. Go Vulnerability Report: Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on...
Improper Neutralization of Null Byte or NUL Character
Overview std/os/exec is a Go standard library package std/os/exec Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character. Go Vulnerability Report: Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on...
GO-2022-1095 Unsanitized NUL in environment variables on Windows in syscall and os/exec
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
[SECURITY] [DSA 5260-1] lava security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5260-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 23, 2022 https://www.debian.org/security/faq -...
go -- syscall, os/exec: unsanitized NUL in environment variables
The Go project reports: syscall, os/exec: unsanitized NUL in environment variables On Windows, syscall.StartProcess and os/exec.Cmd did not properly check for invalid environment variable values. A malicious environment variable value could exploit this behavior to set a value for a different...
CVE-2022-22035 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
...
Metasploit Weekly Wrap-Up
Veritas Backup Exec Agent RCE This module kindly provided by c0rs targets the Veritas Backup Exec Agent in order to gain RCE as the system/root user. The exploit itself is actually a chain of 3 separate CVEs CVE-2021-27876, CVE-2021-27877 and CVE-2021-27878 which only makes it more impressive...
Veritas Backup Exec Agent Remote Code Execution
frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Veritas Backup Exec Agent Remote Code Execution', 'Description' = %q Veritas Backup Exec Agent supports multiple...
Veritas Backup Exec Agent Remote Code Execution Exploit
Veritas Backup Exec Agent supports multiple authentication schemes and SHA authentication is one of them. This authentication scheme is no longer used within Backup Exec versions, but had not yet been disabled. An attacker could remotely exploit the SHA authentication scheme to gain unauthorized...
Veritas Backup Exec Agent Remote Code Execution
Veritas Backup Exec Agent supports multiple authentication schemes and SHA authentication is one of them. This authentication scheme is no longer used within Backup Exec versions, but hadn't yet been disabled. An attacker could remotely exploit the SHA authentication scheme to gain unauthorized...
GSD-2022-1005822 posix-cpu-timers: Cleanup CPU timers before freeing them during exec
posix-cpu-timers: Cleanup CPU timers before freeing them during exec This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.137 by commit...
GSD-2022-1005555 posix-cpu-timers: Cleanup CPU timers before freeing them during exec
posix-cpu-timers: Cleanup CPU timers before freeing them during exec This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.61 by commit...
GSD-2022-1005193 posix-cpu-timers: Cleanup CPU timers before freeing them during exec
posix-cpu-timers: Cleanup CPU timers before freeing them during exec This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...