2626 matches found
Bitbucket Environment Variable RCE
For various versions of Bitbucket, there is an authenticated command injection vulnerability that can be exploited by injecting environment variables into a user name. This module achieves remote code execution as the atlbitbucket user by injecting the GIT_EXTERNAL_DIFF environment variable, a null...
CVE-2023-28163
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the current user's context. This bug onl...
Mozilla Thunderbird < 102.9
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 102.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-11 advisory. - Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety...
Mozilla Firefox ESR < 102.9
The version of Firefox ESR installed on the remote Windows host is prior to 102.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-10 advisory. - Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox version 111. An attacker can exploit the vulnerability to parse a file containing the name of an environment variable in the current user's environmen...
Security Vulnerabilities fixed in Firefox 111 — Mozilla
The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected. By displaying a prompt with a long description, the...
GHSA-6Q4M-7476-932W github-slug-action vulnerable to arbitrary code execution
Impact: This action uses the github.head_ref parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. Note that...
github-slug-action vulnerable to arbitrary code execution
Impact: This action uses the github.head_ref parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. Note that...
CVE-2023-27581
Summary: CVE-2023-27581 affects the GitHub Action github-slug-action. Vulnerability: Versions before 4.4.1 insecurely use the github.head_ref parameter in pull request workflows, enabling an attacker to trigger code execution on GitHub runners and exfiltrate CI secrets. Impact: High impact on con...
PT-2023-21224 · Github · Github-Slug-Action
Name of the Vulnerable Software and Affected Versions: github-slug-action versions 4.0.0 through 4.4.1. Description: The github-slug-action uses the github.head_ref parameter in an insecure way, allowing any user on GitHub to trigger the vulnerability by creating a pull request with a branch name...
Debian: Security Advisory (DLA-63-1)
The remote host is missing an update for the Debian...
cri-o: /etc/passwd tampering privesc
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable...
UBUNTU-CVE-2022-41725
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request...
Amazon Linux AMI : libXpm (ALAS-2023-1693)
The version of libXpm installed on the remote host is prior to 3.5.10-2.10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1693 advisory. A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will b...
Important: libXpm
Issue Overview: A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. CVE-2022-44617 A flaw was found ...
K51663510: Apache Tomcat vulnerability CVE-2016-5388
Security Advisory Description: Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect ...
K73071205: PHP vulnerability CVE-2016-5385
Security Advisory Description: PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...
K16878: PAM vulnerabilities CVE-2011-3148 and CVE-2011-3149
Security Advisory Description: CVE-2011-3148: Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces...
php: potential buffer overflow in php_cli_server_startup_workers
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow...
Ubuntu 16.04 ESM : libXpm vulnerabilities (USN-5807-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5807-2 advisory. USN-5807-1 fixed vulnerabilities in libXpm. This update provides the corresponding updates for Ubuntu 16.04 ESM. Tenable has extracted the preceding...