GHSA-H99M-6755-RGWC Rancher Remote Code Execution via Cluster/Node Drivers

Impact A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher...

RHEL 6 : libxpm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libXpm: Out-of-bounds write in XPM extension parsing CVE-2016-10164 - A flaw was found in libXpm. When...

Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks

A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0, indicating maximum severity. That said, it only impacts scenarios where batch files are...

CVE-2023-47039

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell cmd.exe. When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system...

Code injection

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell cmd.exe. When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system...

CVE-2023-47039

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell cmd.exe. When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system...

CVE-2023-47039

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell cmd.exe. When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system...

CVE-2023-47039

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell cmd.exe. When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system...

Rocky Linux 8 : libXpm (RLSA-2023:0379)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0379 advisory. - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can le...

EulerOS Virtualization 3.0.6.6 : libXpm (EulerOS-SA-2023-2430)

According to the versions of the libXpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called...

EulerOS Virtualization 3.0.6.0 : libXpm (EulerOS-SA-2023-2253)

According to the versions of the libXpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called...

Huawei EulerOS: Security Advisory for libXpm (EulerOS-SA-2023-2108)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP11 : libXpm (EulerOS-SA-2023-1762)

According to the versions of the libXpm package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and c...

FreeBSD : libXpm -- Issues handling XPM files (38f213b6-8f3d-4067-91ef-bf14de7ba518)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 38f213b6-8f3d-4067-91ef-bf14de7ba518 advisory. - A flaw was found in libXpm. When processing a file with width of 0 and a very large height,...

Amazon Linux 2023 : libXpm, libXpm-devel (ALAS2023-2023-107)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-107 advisory. A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Deni...

Amazon Linux AMI : libXpm (ALAS-2023-1693)

The version of libXpm installed on the remote host is prior to 3.5.10-2.10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1693 advisory. A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will b...

Important: libXpm

Issue Overview: A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. CVE-2022-44617 A flaw was found ...

Ubuntu 16.04 ESM : libXpm vulnerabilities (USN-5807-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5807-2 advisory. USN-5807-1 fixed vulnerabilities in libXpm. This update provides the corresponding updates for Ubuntu 16.04 ESM. Tenable has extracted the preceding...

CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

CVE-2022-4883

CVE-2022-4883 concerns the libXpm library. When processing files with .Z or .gz extensions, libXpm may invoke external programs to compress/uncompress, using PATH to locate these helpers. This behavior allows a local attacker to cause arbitrary program execution by manipulating PATH. Reported acr...