6340 matches found
ALPINE-CVE-2024-10224
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...
CVE-2024-10224
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...
CVE-2024-10224
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...
CVE-2024-11003
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...
CVE-2024-11003
Qualys-identified vulnerability in needrestart (before version 3.8): unsanitized input passed to Modules::ScanDeps can allow a local user to run arbitrary shell commands. The root cause is unsafe data handling by needrestart feeding Modules::ScanDeps, enabling command execution on the host with l...
CVE-2024-11003
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...
CVE-2024-10224
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...
CVE-2024-10224
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...
CVE-2024-10224
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...
CVE-2024-10224
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...
UBUNTU-CVE-2024-10224
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...
UBUNTU-CVE-2024-11003
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...
pam: libpam: Libpam vulnerable to read hashed password
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...
[SECURITY] Fedora 40 Update: lemonldap-ng-2.20.1-1.fc40
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as...
PT-2024-8536 · Unknown +4 · Modules::Scandeps +4
Name of the Vulnerable Software and Affected Versions: Modules::ScanDeps versions prior to 1.36 Description: The issue is related to the Modules::ScanDeps library, which does not properly sanitize input. This can allow an attacker to execute arbitrary shell commands. A local attacker could exploi...
Malicious code in seller-webchat-modules (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware efe3ed359ac7762158b5f9007e341ccb501278d1259683e98786cdde66e56a2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to bypassing authentication through spoofing, allows attackers to access sensitive data, compromise its integrity, and cause service failures.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to the bypassing of authentication processes through spoofing techniques. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data, compromise its integrity, and cause service...
Fedora 37 : libopenmpt (2022-16a2e11a27)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-16a2e11a27 advisory. libopenmpt 0.6.6 2022-09-25 - Sec Possible crash when playing manipulated IT / MPTM files with a T00 command. - MTM: In MultiTracker, setting speed and tempo...
AZL-42952 CVE-2024-4741 affecting package openssl for versions less than 1.1.1k-31
Issue summary: Calling the OpenSSL API function SSLfreebuffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code...
CVE-2024-4741
Issue summary: Calling the OpenSSL API function SSLfreebuffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code...