CVE-2024-48992

CVE-2024-48992 affects needrestart before 3.8. An attacker could trigger arbitrary root commands by supplying an attacker-controlled RUBYLIB and tricking the Ruby interpreter, per the initial description. The TencentOS Server 4 advisory also notes that needrestart passes unsanitized data to Modul...

CVE-2024-48992

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...

CVE-2024-48992

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...

CVE-2024-48992

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...

CVE-2024-48990

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable...

CVE-2024-48990

The CVE-2024-48990 vulnerability affects needrestart prior to 3.8, where an attacker can cause root code execution by manipulating the PYTHONPATH environment variable as needrestart runs Python with elevated privileges. Public PoCs and exploits exist (e.g., PoCs and Metasploit module targeting ne...

needrestart 权限许可和访问控制问题漏洞

needrestart is a tool by liske personal developer for checking which daemons need to be restarted after an upgrade. A security vulnerability exists in versions prior to needrestart 3.8, which stems from a vulnerability that allows a local attacker to run the Python interpreter by tricking...

needrestart 权限许可和访问控制问题漏洞

needrestart is a tool by liske personal developer for checking which daemons need to be restarted after an upgrade. A security vulnerability exists in versions prior to needrestart 3.8, which stems from a vulnerability that allows a local attacker to run the Ruby interpreter by tricking needresta...

PT-2024-8540 · Unknown +3 · Needrestart +3

Name of the Vulnerable Software and Affected Versions: needrestart versions prior to 3.8 Description: The issue is related to an uncontrolled search path element in the needrestart utility. Exploitation of this issue may allow an attacker to execute arbitrary code in the context of the root user ...

High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979 ,...

USN-7049-2: PHP vulnerabilities

USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject...

USN-7109-1: Go vulnerabilities

Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. CVE-2022-41723 Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this...

FreeBSD : PostgreSQL -- PL/Perl environment variable changes execute arbitrary code (a03636f4-a29f-11ef-af48-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a03636f4-a29f-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: Incorrect control of environment variables in PostgreSQL PL/Perl allows an...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Go vulnerabilities (USN-7109-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7109-1 advisory. Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this...

PT-2024-8138

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.1 PostgreSQL versions prior to 16.5 PostgreSQL versions prior to 15.9 PostgreSQL versions prior to 14.14 PostgreSQL versions prior to 13.17 PostgreSQL versions prior to 12.21 Description: The issue is related t...

CVE-2024-45289 Unbounded allocation in ctl(4) CAM Target Layer

The fetch3 library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch1 to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a...

close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE

GNU is vulnerable to command injection due to missing sanitization of filenames when the LESSCLOSE environment variable is set and invoked. This could allow an attacker to execute malicious commands within the privileges of the utility...

cgi.force_redirect configuration is bypassable due to the environment variable collision

...

PT-2024-31541 · Fetch +1 · Fetch +1

Name of the Vulnerable Software and Affected Versions: fetch versions affected versions not specified Description: The issue arises from the fetch3 library's use of environment variables to pass information, including the revocation file pathname. However, the environment variable name used by...

GHSA-H99M-6755-RGWC Rancher Remote Code Execution via Cluster/Node Drivers

Impact A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher...