29 matches found
CVE-2025-10680
OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...
CVE-2025-10680
OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...
CVE-2025-10680
OpenVPN CVE-2025-10680 affects OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX platforms. The root cause is improper handling of DNS-related options (--dns and --dhcp-option) in the --dns-updown hook, allowing a remote authenticated server to inject shell commands via DNS variables. Exploitation co...
EUVD-2018-0059
Malware in sbrugna...
EUVD-2023-2551
Malicious code in bioql PyPI...
EUVD-2023-58738
Malicious code in bioql PyPI...
BIT-PYTHON-MIN-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...
BIT-PYTHON-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...
CVE-2023-6507
A flaw was found in Python's subprocess module. When creating a new subprocess, the developer may specify a list of extra groups through the 'extragroups= parameter. When this optional parameter is informed with an empty list, the module fails to properly clean the associated groups from the new...
CVE-2023-6507
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...
Design/Logic Flaw
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...
CVE-2023-6507
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...
CVE-2023-6507
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...
CVE-2023-6507
Affects CPython 3.12.0 on POSIX via the subprocess module. When using extra_groups=[], the code regressed to not calling setgroups(0, NULL) before exec(), so original process groups aren’t dropped before starting the new process. The issue only impacts privileged CPython processes (typically root...
PSF-2023-12 Groups not dropped before running subprocess when using empty 'extra_groups' parameter
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...
CVE-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...
PSF-CVE-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...
OESA-2023-1726 grpc security update
gRPC is a modern open source high performance RPC framework that can run in any environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking and authentication. It is also applicable in last mile of distributed...
OESA-2023-1682 grpc security update
gRPC is a modern open source high performance RPC framework that can run in any environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking and authentication. It is also applicable in last mile of distributed...
GHSA-P25M-JPJ4-QCRR Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms ex. Linux allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Jav...