112 matches found
EUVD-2001-1491
Malware in sbrugna...
EUVD-2019-4117
Malware in sbrugna...
CVE-2025-58358
Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands...
Mozilla Firefox和Mozilla Firefox ESR 安全漏洞
Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security vulnerability exists in Mozilla Firefox versions prior to 136.0.4 and...
OPENSUSE-SU-2024:0214-1 Security update for python-sentry-sdk
This update for python-sentry-sdk fixes the following issues: - CVE-2024-40647: Do not leak environment variables to child processes. bsc1228128...
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
Impact The bug in Sentry's Python SDK subprocess.checkoutput"env", env="TEST":"1" b'TEST=1\n' If you'd want to not pass any variables, you can set an empty dict: subprocess.checkoutput"env", env= b'' However, the bug in Sentry SDK 2.8.0 causes all environment variables to be passed to the...
Security Bulletin: Vulnerabilities in GSKit affect Content Manager Enterprise Edition (CVE-2015-7421)
Summary Vulnerabilities were discovered in GSKit. Content Manager Enterprise Edition uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-7421 DESCRIPTION: A vulnerability in GSKit could allow a remote attacker to obtain sensitive information. The internal ICC PRNG...
Python Security Vulnerabilities
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python version 3.12.0 that stems from the fact that when using the empty...
K32957101: Apache HTTPD vulnerability CVE-2019-0211
Security Advisory Description In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of...
SUSE CVE-2017-2616
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions...
Command Injection
snyk-go-plugin is vulnerable to command injection. The vulnerability exists in execute function of sub-process.js because shell for child processes is not properly disabled which allows an attacker to run arbitrary commands on the host system...
SUSE-SU-2022:3320-1 Security update for vsftpd
This update for vsftpd fixes the following issues: - CVE-2021-3618: Enforced security checks against ALPACA attack bsc1187678, bsc1187686, PM-3322. Bugfixes: - Fixed a seccomp failure in FIPS mode when SSL was enabled bsc1052900. - Allowed wait4 to be called so that the broker can wait for its...
CVE-2022-30695
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy Windows before build 3640...
CVE-2022-30695 Local privilege escalation due to excessive permissions assigned to child processes
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy Windows before build 3640...
Acronis Snap Deploy 安全漏洞
Acronis Snap Deploy, an Acronis platform for bulk deployment of system images, is vulnerable to an elevation of privilege vulnerability that stems from assigning too many privileges to child processes, which could be exploited by an attacker to cause a local elevation of privilege...
CVE-2022-24113
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 Windows before build 28035, Acronis Agent Windows before build 27147, Acronis Cyber Protect Home Office Windows before build 39612, Acronis True Image...
CVE-2022-24113 Local privilege escalation due to excessive permissions assigned to child processes
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 Windows before build 28035, Acronis Agent Windows before build 27147, Acronis Cyber Protect Home Office Windows before build 39612, Acronis True Image...
ps-visitor 命令注入漏洞
npm ps-visitor is an application from npm, Inc. node.js access commands ps aux and kill. ps-visitor has a security vulnerability that can be exploited by an attacker to potentially execute arbitrary commands. This is due to the use of child processes to execute functions without input validation...
npm portkiller 命令注入漏洞
npm Portkiller is an application from the American company npm. Provides a kill port function. Portkiller has a security vulnerability that can be exploited by an attacker to potentially execute arbitrary commands. This is due to the use of child processes to execute functions without input...
npm onion-oled-js 命令注入漏洞
npm onion-oled-js is an application from the American company npm. A JS library is provided that exposes a collection of functions that wrap the oled-exp executable that controls the onion omega OLED display. A security vulnerability exists in onion-oled-js that can be exploited by an attacker to...