7830 matches found
The vulnerability of the pkcs15-init personalization utility and the libopensc library, which are part of the software tools and libraries for working with smart cards in OpenSC, allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the pkcs15-init personalization utility and the libopensc library related to the OpenSC software suite involves the use of uninitialized variables due to incorrect checks on the return values of functions. Exploiting this vulnerability could allow an attacker to compromise th...
The vulnerability of the pkcs15-init personalization utility and the libopensc library, which are part of the software tools and libraries for working with smart cards in OpenSC, allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the pkcs15-init personalization utility and the libopensc library related to the OpenSC software suite involves the use of uninitialized variables. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the...
The vulnerability of the PKCS15-init utility for personalizing smart cards, a software tool and library for working with smart cards in OpenSC, allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the PKCS15-init setup in the software and library suite for working with smart cards in OpenSC is related to the use of uninitialized variables. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the...
RTI Connext Professional security vulnerability
RTI Connext Professional is a connectivity platform from RTI USA designed to meet the demanding requirements of the Industrial Internet of Things (IIoT). A security vulnerability exists in RTI Connext Professional that stems from the presence of a buffer overflow vulnerability that allows buffer...
PT-2024-35116 · Real Time Innovations · Rti Connext Professional
Name of the Vulnerable Software and Affected Versions: RTI Connext Professional versions 5.3.1.40 through 5.3.1.41; RTI Connext Professional versions 6.1.1.2 through 6.1.2.21; RTI Connext Professional versions 7.0.0 through 7.3.0.2. Description: The issue is a buffer copy without checking the size o...
quarkus-core: Leak of local configuration properties into Quarkus applications
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build; therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been...
CLSA-2024-1734028058 Fix CVE(s): CVE-2024-11003, CVE-2024-48990, CVE-2024-48991, CVE-2024-48992
SECURITY UPDATE: Prevent running the Python interpreter with an attacker-controlled PYTHONPATH environment variable - debian/patches/CVE-2024-48990-CVE-2024-48991.patch: do not set PYTHONPATH environment variable to prevent a LPE and prevent race condition on /proc/$PID/exec evaluation -...
SiYuan security vulnerability
SiYuan is a privacy-first personal knowledge management system from SiYuan Open Source. A security vulnerability exists in SiYuan versions prior to 3.1.16, which stems from susceptibility to a server-side template injection (SSTI) attack via the Sprig template engine, allowing an attacker to access...
CVE-2024-55660 SiYuan has an SSTI via /api/template/renderSprig
SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/template/renderSprig endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables...
CVE-2024-55660 SiYuan has an SSTI via /api/template/renderSprig
SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/template/renderSprig endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables...
PT-2024-36575 · Siyuan · Siyuan
Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.1.16. Description: SiYuan's /api/template/renderSprig endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to acces...
ROS-20241211-08
The vulnerability in the CREATE POLICY security policy for row-protected tables in the PostgreSQL database management system is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
ROS-20241211-07
The vulnerability in the CREATE POLICY security policy for row-protected tables in the PostgreSQL database management system is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
ROS-20241211-06
The vulnerability in the CREATE POLICY security policy for row-protected tables in the PostgreSQL database management system is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
ROS-20241211-03
The vulnerability in the CREATE POLICY security policy for row-protected tables in the PostgreSQL database management system is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
ROS-20241211-02
The vulnerability in the CREATE POLICY security policy for row-protected tables in the PostgreSQL database management system is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code
A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables (e.g., PATH) via incorrect control of environment variables...
postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code
A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables (e.g., PATH) via incorrect control of environment variables...
USN-7140-1 tinyproxy vulnerability
It was discovered that Tinyproxy did not properly manage memory under certain circumstances. An attacker could possibly use this issue to leak left-over heap data if custom error page templates containing special non-standard variables are used...
VulnCheck KEV: CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation...