33 matches found
AZL-37146 CVE-2024-28085 affecting package util-linux for versions less than 2.37.4-9
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...
PT-2025-53992
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists within the ksmbd module, specifically in the smb2 lock function. The issue occurs when the argv variable is not properly freed under certain conditions: when setup...
SUSE CVE-2009-0314
Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySysSetArgv function CVE-2008-5983...
SUSE CVE-2017-9430
Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service application crash or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv0. An example threat model is a web application...
kernel: exec: Force single empty string when argv is empty
In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting1 Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve2 be the name of a program, thus prohibiting a scenario...
CLSA-2022-1643291562 Fix of CVE: CVE-2021-4034
CVE-2021-4034: polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector...
CLSA-2022-1643212149 Fix of CVE: CVE-2021-4034
CVE-2021-4034: polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector...
CVE-2011-5130
dev/less.php in Family Connections CMS FCMS 2.5.0 - 2.7.1, when registerglobals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv1 parameter...
python: untrusted python modules search path
Untrusted search path vulnerability in the PySysSetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv0 argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse...
systemtap: Crash with systemtap script using __get_argv()
Multiple integer signedness errors in the 1 getargv and 2 getcompatargv functions in tapset/auxsyscalls.stp in SystemTap 1.1 allow local users to cause a denial of service script crash, or system crash or hang via a process with a large number of arguments, leading to a buffer overflow...
[SA13352] FreeBSD procfs/linprocfs Process Argument Vector Handling Vulnerability
TITLE: FreeBSD procfs/linprocfs Process Argument Vector Handling Vulnerability SECUNIA ADVISORY ID: SA13352 VERIFY ADVISORY: http://secunia.com/advisories/13352/ CRITICAL: Less critical IMPACT: Exposure of system information, Exposure of sensitive information, DoS WHERE: Local system OPERATING...
Remote CVS <= 1.11.15 (error_prog_name) Remote Exploit
Exploit for linux platform in category remote exploits ====================================================== Remote CVS = 1.11.15 errorprogname Remote Exploit ====================================================== Remote CVS = 1.11.15 exploit for the errorprogname double free vuln. by Gyan...
CVE-2026-46626: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch
More info at https://symfony.com/cve-2026-46626...