Lucene search
+L

112 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2001-1491

Malware in sbrugna...

10CVSS6.4AI score0.01422EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-4117

Malware in sbrugna...

4.5CVSS5.6AI score0.00344EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/09/06 1:34 a.m.4 views

CVE-2025-58358

Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands...

7.5CVSS8.7AI score0.0099EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/03/27 12:0 a.m.12 views

Mozilla Firefox和Mozilla Firefox ESR 安全漏洞

Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security vulnerability exists in Mozilla Firefox versions prior to 136.0.4 and...

10CVSS8.6AI score0.08404EPSS
Exploits6References6
osv
osv
added 2024/07/23 9:17 a.m.8 views

OPENSUSE-SU-2024:0214-1 Security update for python-sentry-sdk

This update for python-sentry-sdk fixes the following issues: - CVE-2024-40647: Do not leak environment variables to child processes. bsc1228128...

5.3CVSS5AI score0.00198EPSS
Exploits0References3
github
github
added 2024/07/18 5:18 p.m.27 views

Sentry's Python SDK unintentionally exposes environment variables to subprocesses

Impact The bug in Sentry's Python SDK subprocess.checkoutput"env", env="TEST":"1" b'TEST=1\n' If you'd want to not pass any variables, you can set an empty dict: subprocess.checkoutput"env", env= b'' However, the bug in Sentry SDK 2.8.0 causes all environment variables to be passed to the...

5.3CVSS5AI score0.00198EPSS
Exploits0References11Affected Software1
ibm
ibm
added 2024/01/29 7:16 p.m.21 views

Security Bulletin: Vulnerabilities in GSKit affect Content Manager Enterprise Edition (CVE-2015-7421)

Summary Vulnerabilities were discovered in GSKit. Content Manager Enterprise Edition uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-7421 DESCRIPTION: A vulnerability in GSKit could allow a remote attacker to obtain sensitive information. The internal ICC PRNG...

5CVSS3.9AI score0.01847EPSS
Exploits0Affected Software1
cnnvd
cnnvd
added 2023/12/08 12:0 a.m.6 views

Python Security Vulnerabilities

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python version 3.12.0 that stems from the fact that when using the empty...

6.1CVSS8.3AI score0.01326EPSS
Exploits0References8
f5
f5
added 2023/02/21 6:35 p.m.158 views

K32957101: Apache HTTPD vulnerability CVE-2019-0211

Security Advisory Description In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of...

7.8CVSS7.4AI score0.65005EPSS
Exploits8
susecve
susecve
added 2023/02/15 4:52 a.m.3 views

SUSE CVE-2017-2616

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions...

4.7CVSS5.4AI score0.00279EPSS
Exploits0References13
veracode
veracode
added 2022/10/04 9:55 a.m.37 views

Command Injection

snyk-go-plugin is vulnerable to command injection. The vulnerability exists in execute function of sub-process.js because shell for child processes is not properly disabled which allows an attacker to run arbitrary commands on the host system...

7.8CVSS7.4AI score0.00551EPSS
Exploits1References5Affected Software1
osv
osv
added 2022/09/20 12:47 p.m.18 views

SUSE-SU-2022:3320-1 Security update for vsftpd

This update for vsftpd fixes the following issues: - CVE-2021-3618: Enforced security checks against ALPACA attack bsc1187678, bsc1187686, PM-3322. Bugfixes: - Fixed a seccomp failure in FIPS mode when SSL was enabled bsc1052900. - Allowed wait4 to be called so that the broker can wait for its...

7.4CVSS7.2AI score0.02037EPSS
Exploits0References7
osv
osv
added 2022/05/16 6:15 p.m.6 views

CVE-2022-30695

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy Windows before build 3640...

7.8CVSS7.1AI score0.0019EPSS
Exploits0References1
cvelist
cvelist
added 2022/05/16 5:19 p.m.19 views

CVE-2022-30695 Local privilege escalation due to excessive permissions assigned to child processes

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy Windows before build 3640...

8.1AI score0.0019EPSS
Exploits0References1
cnnvd
cnnvd
added 2022/05/16 12:0 a.m.10 views

Acronis Snap Deploy 安全漏洞

Acronis Snap Deploy, an Acronis platform for bulk deployment of system images, is vulnerable to an elevation of privilege vulnerability that stems from assigning too many privileges to child processes, which could be exploited by an attacker to cause a local elevation of privilege...

7.8CVSS7.3AI score0.0019EPSS
Exploits0References2
osv
osv
added 2022/02/04 11:15 p.m.3 views

CVE-2022-24113

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 Windows before build 28035, Acronis Agent Windows before build 27147, Acronis Cyber Protect Home Office Windows before build 39612, Acronis True Image...

7.8CVSS5.8AI score0.00209EPSS
Exploits0References1
cvelist
cvelist
added 2022/02/04 10:29 p.m.17 views

CVE-2022-24113 Local privilege escalation due to excessive permissions assigned to child processes

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 Windows before build 28035, Acronis Agent Windows before build 27147, Acronis Cyber Protect Home Office Windows before build 39612, Acronis True Image...

8.1AI score0.00209EPSS
Exploits0References1
cnnvd
cnnvd
added 2021/04/18 12:0 a.m.6 views

ps-visitor 命令注入漏洞

npm ps-visitor is an application from npm, Inc. node.js access commands ps aux and kill. ps-visitor has a security vulnerability that can be exploited by an attacker to potentially execute arbitrary commands. This is due to the use of child processes to execute functions without input validation...

9.8CVSS8.7AI score0.01336EPSS
Exploits1References3
cnnvd
cnnvd
added 2021/04/18 12:0 a.m.5 views

npm portkiller 命令注入漏洞

npm Portkiller is an application from the American company npm. Provides a kill port function. Portkiller has a security vulnerability that can be exploited by an attacker to potentially execute arbitrary commands. This is due to the use of child processes to execute functions without input...

9.8CVSS8.6AI score0.01336EPSS
Exploits1References3
cnnvd
cnnvd
added 2021/04/18 12:0 a.m.3 views

npm onion-oled-js 命令注入漏洞

npm onion-oled-js is an application from the American company npm. A JS library is provided that exposes a collection of functions that wrap the oled-exp executable that controls the onion omega OLED display. A security vulnerability exists in onion-oled-js that can be exploited by an attacker to...

9.8CVSS8.6AI score0.02972EPSS
Exploits1References3
Rows per page
Query Builder