2626 matches found

CVE
added 2023/02/07 12:0 a.m. · 294 views

CVE-2022-4883

CVE-2022-4883 concerns the libXpm library. When processing files with .Z or .gz extensions, libXpm may invoke external programs to compress/uncompress, using PATH to locate these helpers. This behavior allows a local attacker to cause arbitrary program execution by manipulating PATH. Reported acr...

CVSS 8.8 · AI score 8.6 · EPSS 0.00184
Exploits 0 · References 5 · Affected Software 1

AlpineLinux
added 2023/02/07 12:0 a.m. · 30 views

CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

CVSS 8.8 · AI score 9 · EPSS 0.00184
Exploits 0

Positive Technologies
added 2023/02/07 12:0 a.m. · 2 views

PT-2023-19808 · Syft · Syft

Name of the Vulnerable Software and Affected Versions: syft versions v0.69.0 through v0.69.1. Description: A password disclosure flaw was found in syft, which leaks the password stored in the SYFT_ATTEST_PASSWORD environment variable. This variable is used to decrypt the private key during the...

CVSS 7.5 · AI score 7 · EPSS 0.00281
Exploits 1 · References 8

Debian CVE
added 2023/02/07 12:0 a.m. · 34 views

CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

CVSS 8.8 · AI score 7.4 · EPSS 0.00184
Exploits 0

CNNVD
added 2023/02/03 12:0 a.m. · 4 views

CKAN Security Vulnerability

CKAN is an open source data management system (DMS), used to power data centers and data portals. A security vulnerability exists in CKAN versions prior to 5.4.1, which stems from the fact that if a user does not set a custom value via an environment variable in the .env file, a key is shared betwe...

CVSS 8.6 · AI score 7.3 · EPSS 0.00374
Exploits 0 · References 4

OSV
added 2023/01/26 5:26 p.m. · 4 views

SUSE-SU-2023:0165-1 Security update for libXpm

This update for libXpm fixes the following issues:
- CVE-2022-46285: Fixed an infinite loop that could be triggered when reading an XPM image with a C-style comment that is never closed (bsc#1207029).
- CVE-2022-44617: Fixed an excessive resource consumption that could be triggered when reading small...

CVSS 8.8 · AI score 8 · EPSS 0.00184
Exploits 2 · References 7

Veracode
added 2023/01/23 7:36 p.m. · 35 views

Remote Code Execution (RCE)

libxpm is vulnerable to Remote Code Execution (RCE). When processing .Z or .gz file extensions, the library calls external programs to compress and uncompress files. This could allow a malicious user to execute other programs by manipulating the PATH environment variable...

CVSS 8.8 · AI score 8.7 · EPSS 0.00184
Exploits 0 · References 10 · Affected Software 1

RedHat Linux
added 2023/01/23 5:56 p.m. · 4 views

libXpm: compression commands depend on $PATH

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

CVSS 8.8 · AI score 6.9 · EPSS 0.00184
Exploits 0 · References 5

Tenable Nessus
added 2023/01/18 12:0 a.m. · 29 views

Atlassian Bitbucket < 7.6.19 / 7.17.12 / 7.21.6 / 8.0.5 / 8.1.5 / 8.2.4 / 8.3.3 / 8.4.2 Command Injection

The version of Atlassian Bitbucket installed on the remote host is 7.0.0 prior to 7.6.19, 7.7.0 prior to 7.17.12, 7.18.0 prior to 7.21.6, 8.0 prior to 8.0.5, 8.1 prior to 8.1.5, 8.2 prior to 8.2.4, 8.3 prior to 8.3.3 or 8.4 prior to 8.4.2. It is, therefore, affected by a command injection...

CVSS 9.8 · AI score 9.3 · EPSS 0.87475
Exploits 3 · References 3

RedhatCVE
added 2023/01/17 5:35 p.m. · 46 views

CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

CVSS 8.1 · AI score 1.5 · EPSS 0.00184
Exploits 0 · References 4

Tenable Nessus
added 2023/01/17 12:0 a.m. · 41 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : libXpm vulnerabilities (USN-5807-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5807-1 advisory. Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening...

CVSS 8.8 · AI score 6.8 · EPSS 0.00184
Exploits 2 · References 4

Veracode
added 2023/01/05 4:49 p.m. · 20 views

Denial Of Service (DoS)

newsboat is vulnerable to denial of service (DoS) attacks. Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are...

CVSS 5.3 · AI score 5.2 · EPSS 0.00499
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/12/29 1:49 a.m. · 24 views

GHSA-CM9X-C3RH-7RC4 CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation

Impact It is possible to craft an environment variable with newlines to add entries to a container's /etc/passwd. It is possible to circumvent admission validation of username/UID by adding such an entry. Note: because the pod author is in control of the container's /etc/passwd, this is not...

CVSS 6.1 · AI score 7 · EPSS 0.00042
Exploits 0 · References 8

Github Security Blog
added 2022/12/29 1:49 a.m. · 46 views

CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation

Impact It is possible to craft an environment variable with newlines to add entries to a container's /etc/passwd. It is possible to circumvent admission validation of username/UID by adding such an entry. Note: because the pod author is in control of the container's /etc/passwd, this is not...

CVSS 7.8 · AI score 1.6 · EPSS 0.00042
Exploits 0 · References 8 · Affected Software 1

OpenVAS
added 2022/12/29 12:0 a.m. · 27 views

SUSE: Security Advisory (SUSE-SU-2022:4630-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 · AI score 6.8 · EPSS 0.00033
Exploits 1 · References 7

Prion
added 2022/12/28 8:15 a.m. · 15 views

Design/Logic Flaw

LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest...

CVSS 4.3 · AI score 7.5 · EPSS 0.00053
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2022/12/28 7:0 a.m. · 15 views

CVE-2022-46179 LiuOS vulnerable to Authorization Bypass through User-Controlled Key

LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest...

CVSS 9.2 · AI score 9.4 · EPSS 0.00053
Exploits 1 · References 2

Vulnrichment
added 2022/12/28 7:0 a.m. · 5 views

CVE-2022-46179 LiuOS vulnerable to Authorization Bypass through User-Controlled Key

LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest...

CVSS 9.2 · AI score 9.3 · EPSS 0.00053
Exploits 1 · References 2

Huntr
added 2022/12/27 6:24 p.m. · 21 views

NULL Pointer Dereference

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Release: n/a Codename: bookworm Version I checked against the latest release as of 12/27/22 version 5.8.0 and the current master branch at commit 031da1be8f6c9aa55f6e4e76df962d2c85dc32e8 . Description This...

CVSS 5 · AI score 2 · EPSS 0.00068
Exploits 1

Positive Technologies
added 2022/12/23 12:0 a.m. · 2 views

PT-2022-7296 · Cri-O +2 · Cri-O +2

Name of the Vulnerable Software and Affected Versions: cri-o versions prior to 1.26.0 Description: A vulnerability was found in cri-o, allowing the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. This issue may allow an attacker to impact the...

CVSS 7.8 · AI score 5.7 · EPSS 0.00464
Exploits 2 · References 31