7 matches found
CVE-2026-54590
AsyncSSH (Python, v2.23.0) contains an incomplete fix for CVE-2026-45309 in SSHServerConfig._set_tokens that blocks /, , and .. before %u substitution in AuthorizedKeysFile but fails to block a leading ~ or ${ENV}. This allows later expansion in _expand_val and Path(filename).expanduser() to esca...
EulerOS Virtualization 2.13.0 : python3 (EulerOS-SA-2026-2188)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment...
EulerOS Virtualization 2.12.0 : python3 (EulerOS-SA-2026-2110)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment...
Medium: python
Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...
SUSE CVE-2011-3149
The expandarg function in the pamenv module modules/pamenv/pamenv.c in Linux-PAM aka pam before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service CPU consumption...
(pam_env): Infinite loop by expanding certain arguments
The expandarg function in the pamenv module modules/pamenv/pamenv.c in Linux-PAM aka pam before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service CPU consumption...
security flaw
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables...