glibc: buffer overflow in ld.so leading to privilege escalation
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code...
Insomnia security breach
Insomnia is an open source, cross-platform API client from Insomnia for GraphQL, REST, WebSockets, server-sent events, and gRPC. A security vulnerability exists in Insomnia version 2023.4.0 that stems from the use of the DYLD_INSERT_LIBRARIES environment variable that can execute code and access...
Trellix Endpoint Security Code Injection Vulnerability
Trellix Endpoint Security (ENS) is an endpoint security solution from FireEye USA Trellix. A security vulnerability exists in Trellix Endpoint Security version 10.7.0 prior to April 2023 that originates from allowing local users to disable the ENS AMSI component via an environment variable, resulti...
The vulnerability of the dynamic loader ld.so of the glibc library allows an attacker to execute arbitrary code with elevated privileges.
The vulnerability of the dynamic loader ld.so for the glibc library is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges by running binary files with SUID permissions and creating a variable environmen...
DEBIAN-CVE-2023-4911
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code...
opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics
Summary: Autoinstrumentation out of the box adds the label http_method that has unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. Details: HTTP method for requests can be easily set by an attacker to be random and long. PoC: Send many...
Juniper SRX Firewall / EX Switch Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'Junos OS PHPRC Environment Variable Manipulation RCE', 'Description' = %q...
Junos OS PHPRC Environment Variable Manipulation RCE
This module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices run FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The...
CVE-2022-4318
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable...
AZL-39873 CVE-2022-4318 affecting package cri-o for versions less than 1.22.3-1
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable...
Design/Logic Flaw
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable...
CVE-2022-4318
CVE-2022-4318 is confirmed in multiple records as a vulnerability in cri-o that enables tampering of /etc/passwd via a specially crafted environment variable, effectively a privilege escalation path. Affected scope includes cri-o deployments used by Red Hat OpenShift platforms (OpenShift 4.x line...
CVE-2022-4318 Cri-o: /etc/passwd tampering privesc
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable...
SQLpage vulnerable to public exposure of database credentials
Impact: If
- you are using a SQLPage version older than v0.11.1
- your SQLPage instance is exposed publicly
- the database connection string is specified in the sqlpage/sqlpage.json configuration file (not in an environment variable)
- the webroot is the current working directory (the default)
- your...
Design/Logic Flaw
SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the sqlpage/sqlpage.json configuration file (not in an environment variable), with the webroot being the current working...
CVE-2023-42454 SQLpage vulnerable to public exposure of database credentials
SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the sqlpage/sqlpage.json configuration file (not in an environment variable), with the webroot being the current working...
Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems
A set of memory corruption flaws have been discovered in the ncurses (short for new curses) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. "Using environment variable poisoning, attackers could chain these vulnerabilities to...