CVE-2024-45798 Multiple Poisoned Pipeline Execution (PPE) vulnerabilities

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...

CVE-2024-45798 Multiple Poisoned Pipeline Execution (PPE) vulnerabilities

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...

CVE-2024-40842

An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data...

PT-2024-31779 · Arduino · Arduino-Esp32

Name of the Vulnerable Software and Affected Versions: arduino-esp32 affected versions not specified Description: The issue concerns multiple Poisoned Pipeline Execution PPE vulnerabilities in the arduino-esp32 CI, including code injection in the tests results.yml workflow and environment variabl...

arduino-esp32 操作系统命令注入漏洞

arduino-esp32 is an Espressif open source Arduino kernel for ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2. An operating system command injection vulnerability exists in arduino-esp32 version 26db8cba32e77050f177e8cb0f879614c57bc5f2, which stems from code injection and environment...

CVE-2024-40842

An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data...

CVE-2024-43392

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FWINCOMING.FROMIP FWINCOMING.INIP FWOUTGOING.FROMIP FWOUTGOING.INIP environment variable which can lead to a DoS...

CVE-2024-43390

A low privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FWNAT.INIP environment variable which can lead to a DoS...

CVE-2024-43393 Phoenix Contact: Configuration changes of the firewall services can lead to DoS in MGUARD devices

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FWINCOMING.FROMIP FWINCOMING.INIP FWOUTGOING.FROMIP FWOUTGOING.INIP FWRULESETS.FROMIP FWRULESETS.INIP environment...

PT-2024-30549

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions. Description A low privileged remote attacker can perform configuration changes of the ospf service through OSPF INTERFACE.SIMPLE KEY and OSPF INTERFACE.DIGEST KEY...

PT-2024-30551 · Phoenix Contact · Fl Mguard 2102 +46

Name of the Vulnerable Software and Affected Versions: Firewall services affected versions not specified Description: A low-privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FW NAT.IN IP environment variable, whic...

Default installation of `synthetic-monitoring-agent` exposes sensitive information

Impact Users running the Synthetic Monitoring agent in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed thru a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and...

CVE-2024-38811

VMware Fusion 13.x before 13.6 contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application...

CVE-2024-38811

VMware Fusion for macOS versions 13.x before 13.6 contains a code‑execution vulnerability due to insecure handling of an environment variable. The root cause is an insecure environment variable usage inside the Fusion application, which could allow a local attacker with standard user privileges t...

Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache modcgi Bash Environment Variable Injection Shellshock Scanner', 'Description' = %q This module scans for the Shellshock vulnerability, a...

GO-2024-3100 Chisel's AUTH environment variable not respected in server entrypoint in github.com/jpillora/chisel

Chisel's AUTH environment variable not respected in server entrypoint in github.com/jpillora/chisel...

Chisel's AUTH environment variable not respected in server entrypoint

Summary The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. This advisory is a formalization of a report sent to the maintainer via email. Details In the help page for...

Unauthorized Access

github.com/jpillora/chisel is vulnerable to Unauthorized Access. The vulnerability is due to the Chisel server not reading the documented AUTH environment variable, which allows unauthenticated users to connect even when credentials are set...

CVE-2024-43798 Chisel AUTH environment variable not respected in server entrypoint

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is...

CVE-2024-43798 Chisel AUTH environment variable not respected in server entrypoint

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is...