7821 matches found

Prion
added 2023/09/13 1:15 p.m. · 18 views

Path traversal

An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the E...

5 CVSS · 5.4 AI score · 0.00704 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/09/13 12:30 p.m. · 13 views

CVE-2021-44172

An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the E...

4.3 CVSS · 5.7 AI score · 0.00704 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/09/13 12:30 p.m. · 14 views

CVE-2021-44172

An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the E...

4.3 CVSS · 6.8 AI score · 0.00704 EPSS
Exploits 0 · References 1

NVD
added 2023/09/13 9:15 a.m. · 19 views

CVE-2023-4039

DISPUTED: A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...

4.8 CVSS · 5.4 AI score · 0.00666 EPSS
Exploits 1 · References 2

Cvelist
added 2023/09/13 8:5 a.m. · 29 views

CVE-2023-4039 GCC's -fstack-protector fails to guard dynamically-sized local variables on AArch64

DISPUTED: A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...

4.8 CVSS · 5.8 AI score · 0.00666 EPSS
Exploits 1 · References 2

Amazon
added 2023/09/12 12:0 a.m. · 29 views

Medium: gcc10

Issue Overview: An issue was found in a defense in depth feature of the GCC compiler on aarch64 platforms. The stack protector feature -fstack-protector did not detect or defend against overflows of dynamically-sized local variables. This update to the GCC compiler remedies code generation for th...

4.8 CVSS · 6.5 AI score · 0.00666 EPSS
Exploits 1

Code423n4
added 2023/09/07 12:0 a.m. · 15 views

Incorrect calculation of totalSupply(), balanceOf() in rUSDY.sol if the rate is unlinked from $1

Lines of code Vulnerability details Impact In rUSDY.sol, the functions totalSupply, balanceOf are calculated. totalSupply : function totalSupply public view returns uint256 return totalShares oracle.getPrice / 1e18 BPSDENOMINATOR; balanceOf : function balanceOfaddress account public view returns...

6.5 AI score
Exploits 0

Tenable Nessus
added 2023/09/07 12:0 a.m. · 12 views

Oracle Linux 8 : ksh (ELSA-2020-0559)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-0559 advisory. 20120801-253.0.1.el81 - Disable ASTnospawnveg for taskset workaround Orabug: 26754277 Red Hat Bug: 1295563 20120801-253 - Do not evaluate arithmetic expressions...

7.8 CVSS · 7.3 AI score · 0.01385 EPSS
Exploits 0 · References 2

GithubExploit
added 2023/09/05 2:1 p.m. · 26 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio

Minio Environment Variables Exploit CVE-2023-28432 Overv...

7.5 CVSS · 6.7 AI score · 0.83957 EPSS
Exploits 13

Veracode
added 2023/09/02 8:25 a.m. · 16 views

Arbitrary Code Injection

github.com/ansible-semaphore/semaphore is vulnerable to Arbitrary Code Injection. The vulnerability exists in makeCmd function at AnsiblePlaybook.go which allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter...

8.8 CVSS · 7.8 AI score · 0.01429 EPSS
Exploits 1 · References 4 · Affected Software 1

BDU FSTEC
added 2023/08/30 12:0 a.m. · 5 views

The vulnerability of the J-Web interface in Juniper Networks Junos OS-based SRX and EX devices allows an attacker to compromise data integrity.

The vulnerability of the J-Web interface in Juniper Networks Junos OS-based SRX and EX devices is related to a modification of the PHP external variable. Exploiting this vulnerability allows an attacker to compromise data integrity from a remote location...

5.3 CVSS · 7.1 AI score · 0.89628 EPSS
Exploits 7 · References 4 · Affected Software 1

OSV
added 2023/08/29 7:15 p.m. · 2 views

CVE-2023-3252

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition...

6.5 CVSS · 5.9 AI score · 0.00598 EPSS
Exploits 0 · References 1

OSV
added 2023/08/29 12:32 a.m. · 16 views

GHSA-3R32-CP7V-5WQ4 Code injection in ansible semaphore

An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter...

8.8 CVSS · 8.7 AI score · 0.01429 EPSS
Exploits 1 · References 4

VulnCheck KEV
added 2023/08/29 12:0 a.m. · 6 views

VulnCheck KEV: CVE-2023-36844

Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables, leading to...

5.3 CVSS · 7 AI score · 0.89628 EPSS
Exploits 7 · References 1

NVD
added 2023/08/28 10:15 p.m. · 22 views

CVE-2023-39059

An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter...

8.8 CVSS · 8.8 AI score · 0.01429 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2023/08/28 10:15 p.m. · 3 views

CVE-2023-39059

An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter...

8.8 CVSS · 7.8 AI score · 0.01429 EPSS
Exploits 1 · References 3

Prion
added 2023/08/28 10:15 p.m. · 16 views

Code injection

An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter...

6.5 CVSS · 8.8 AI score · 0.01429 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2023/08/28 12:0 a.m. · 2 views

PT-2023-5312 · Ansible · Ansible

Name of the Vulnerable Software and Affected Versions: ansible semaphore version 2.8.90 Description: The issue in ansible semaphore allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. This is related to incorrect code generation management in...

9 CVSS · 8.2 AI score · 0.01429 EPSS
Exploits 1 · References 12

Cvelist
added 2023/08/28 12:0 a.m. · 23 views

CVE-2023-39059

An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter...

9 AI score · 0.01429 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2023/08/25 12:0 a.m. · 196 views

Juniper Junos OS Pre-Auth RCE (JSA72300)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA72300 advisory. - A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX and SRX Series allows an unauthenticated, network-based attacker to...

9.8 CVSS · 7.8 AI score · 0.94205 EPSS
Exploits 28 · References 9