7821 matches found
GNU Binutils Denial of Service Vulnerability
GNU Binutils is a set of binary tools developed by the GNU Project, mainly used to deal with target files e.g., executables, libraries, etc., covering compilation, linking, debugging, and other phases of the function. A denial of service vulnerability exists in GNU Binutils, which stems from a...
GNU Binutils 安全漏洞
GNU Binutils is a set of binary tools developed by the GNU Project, mainly used to deal with target files e.g., executables, libraries, etc., covering compilation, linking, debugging, and other phases of the function. A denial of service vulnerability exists in GNU Binutils, which stems from a...
GHSA-HH7J-PG39-Q563 toui allows user-specific variables to be shared between users
Impact Websites that use Website.uservars property in versions. Patches It affects versions v2.0.1 to v2.4.0. Please upgrade to v2.4.1 Workarounds Do not use Website.uservars in websites when using versions v2.0.1 to v2.4.0. Also, do not use Website.signinuser in version v2.4.0 only. Explanation...
toui allows user-specific variables to be shared between users
Impact Websites that use Website.uservars property in versions. Patches It affects versions v2.0.1 to v2.4.0. Please upgrade to v2.4.1 Workarounds Do not use Website.uservars in websites when using versions v2.0.1 to v2.4.0. Also, do not use Website.signinuser in version v2.4.0 only. Explanation...
Sudoedit Extra Arguments Priv Esc
This exploit takes advantage of a vulnerability in sudoedit, part of the sudo package. The sudoedit aka sudo -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of...
sudo: arbitrary file write with privileges of the RunAs user
A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user usually root. The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...
sudo: arbitrary file write with privileges of the RunAs user
A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user usually root. The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...
sudo: arbitrary file write with privileges of the RunAs user
A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user usually root. The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...
Sudoedit Extra Arguments Privilege Escalation Exploit
This exploit takes advantage of a vulnerability in sudoedit, part of the sudo package. The sudoedit aka sudo -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of...
PT-2023-23742 · Teltonika · Teltonika Rut
Name of the Vulnerable Software and Affected Versions: Teltonika RUT router firmware versions 00.07.00 through 00.07.03.4 Description: The packet dump utility in the firmware contains proper validation for filter parameters, but the variables for validation checks are stored in an external...
GLSA-202305-27 : Tinyproxy: Memory Disclosure
The remote host is affected by the vulnerability described in GLSA-202305-27 Tinyproxy: Memory Disclosure - Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in...
PT-2023-17682 · Undefined · Undefined
Исследователи начинают раскрывать результаты своей работы, которые демонстрировались в рамках хакерского турнира Pwn2Own, проведенного ZDI в декабре прошлого года. Не отстают и поставщики, правда не все. Исследователь Нгуен Хоанг Тхоч из STAR Labs опубликовал подробности двух уязвимостей в VMWare...
Execution With Unnecessary Privileges
github.com/pterodactyl/wings is vulnerable to Execution with Unnecessary Privileges. The vulnerability exists in the Execute function of install.go, allowing an attacker to gain access to the host system running Wings if an attacker is able to modify a server's install script or if the install...
GHSA-97WP-63WQ-HFWH Jenkins Ansible Plugin job configuration form does not mask variables
Jenkins Ansible Plugin allows the specification of extra variables that can be passed to Ansible. These extra variables are commonly used to pass secrets. Ansible Plugin 204.v8191fd551ebf and earlier stores these extra variables unencrypted in job config.xml files on the Jenkins controller as par...
CVE-2023-32983
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them...
CVE-2023-32982
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2023-32983
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them...
Design/Logic Flaw
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2023-32982
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2023-32982
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...