7821 matches found

OSV
added 2023/03/15 11:15 p.m. · 5 views

CVE-2022-4313

A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets...

CVSS 8.8 · AI score 6 · EPSS 0.01236
Exploits: 0 · References: 1

SUSE CVE
added 2023/03/15 3:33 a.m. · 3 views

SUSE CVE-2023-28163

When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. This bug only affects Firefox on Windows. Other versions of Firefox are unaffected. This vulnerabilit...

CVSS 6.5 · AI score 6.4 · EPSS 0.00798
Exploits: 0 · References: 8

Positive Technologies
added 2023/03/15 12:00 a.m. · 4 views

PT-2023-14178 · Tenable · Tenable

Name of the Vulnerable Software and Affected Versions: Tenable products affected versions not specified Description: A vulnerability was reported where an authenticated user with Scan Policy Configuration roles in Tenable products could manipulate audit policy variables by modifying the scan...

CVSS 8.8 · AI score 7.6 · EPSS 0.01236
Exploits: 0 · References: 5

UbuntuCve
added 2023/03/14 3:15 p.m. · 15 views

CVE-2023-1296

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1...

CVSS 5.3 · AI score 6 · EPSS 0.0054
Exploits: 0 · References: 2

OSV
added 2023/03/14 3:15 p.m. · 2 views

UBUNTU-CVE-2023-1296

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1...

CVSS 5.3 · AI score 5.7 · EPSS 0.0054
Exploits: 0 · References: 3

Vulnrichment
added 2023/03/14 2:45 p.m. · 10 views

CVE-2023-1296 Nomad ACLs Can Not Deny Access to Workload's Own Variables

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1...

CVSS 2.7 · AI score 5.1 · EPSS 0.0054
Exploits: 0 · References: 1

Debian CVE
added 2023/03/14 2:45 p.m. · 17 views

CVE-2023-1296

Removed by vendor...

CVSS 5.3 · AI score 5.4 · EPSS 0.0054
Exploits: 0

CNNVD
added 2023/03/14 12:00 a.m. · 2 views

HashiCorp Nomad Security Vulnerability

HashiCorp Nomad is a simple and flexible scheduler and orchestrator from HashiCorp USA. It is used to manage containerized and non-containerized applications at scale, both locally and in the cloud. A security vulnerability exists in HashiCorp Nomad, Nomad Enterprise versions 1.4.0 through 1.5.0...

CVSS 5.3 · AI score 5.6 · EPSS 0.0054
Exploits: 0 · References: 2

CNNVD
added 2023/03/14 12:00 a.m. · 4 views

Tenable Network Security Tenable.Sc and Nessus Security Vulnerability

Tenable Network Security Nessus and Tenable.Sc are both products of Tenable Network Security, U.S.A. Nessus is an open-source system vulnerability scanner. Tenable.Sc is a vulnerability analysis solution that supports real-time vulnerability assessment and...

CVSS 8.8 · AI score 8.4 · EPSS 0.01236
Exploits: 0 · References: 3

Cvelist
added 2023/03/13 8:19 p.m. · 31 views

CVE-2023-27581 github-slug-action vulnerable to arbitrary code execution

github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the github.head_ref parameter in an insecure way. This vulnerability can be triggered by any user on...

CVSS 8.8 · AI score 9.1 · EPSS 0.01576
Exploits: 1 · References: 4

Positive Technologies
added 2023/03/13 12:00 a.m. · 2 views

PT-2023-16869 · Hashicorp +1 · Nomad Enterprise +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 1.4.0 through 1.5.0 Description: A vulnerability was identified in Nomad and Nomad Enterprise such that a deny ACL capability could not be applied to a workload’s own variables. If included, the...

CVSS 5.3 · AI score 5 · EPSS 0.0054
Exploits: 0 · References: 15

OpenVAS
added 2023/03/08 12:00 a.m. · 40 views

Debian: Security Advisory (DLA-59-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 · AI score 10 · EPSS 0.99999
Exploits: 130 · References: 4

OpenVAS
added 2023/03/08 12:00 a.m. · 8 views

Debian: Security Advisory (DLA-677-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 · References: 3

Tenable Nessus
added 2023/03/08 12:00 a.m. · 34 views

EulerOS 2.0 SP9 : sudo (EulerOS-SA-2023-1459)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR,...

CVSS 7.8 · AI score 8.2 · EPSS 0.55367
Exploits: 20 · References: 2

Tenable Nessus
added 2023/03/08 12:00 a.m. · 28 views

EulerOS 2.0 SP5 : golang (EulerOS-SA-2023-1505)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during...

CVSS 7.5 · AI score 7 · EPSS 0.02513
Exploits: 1 · References: 4

Zero Day Initiative
added 2023/03/07 12:00 a.m. · 25 views

Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater...

CVSS 7.8 · AI score 4.2 · EPSS 0.00363
Exploits: 0 · References: 1

Tenable Nessus
added 2023/03/07 12:00 a.m. · 384 views

Potentially Dangerous PATH Variables

Binary data dangerouspaths.nbin...

AI score 7.3
Exploits: 0

Code423n4
added 2023/03/07 12:00 a.m. · 8 views

ReaperBaseStrategyv4 is not Initializable

Lines of code Vulnerability details Impact ReaperStrategyGranarySupplyOnly calls function ReaperBaseStrategyinit from ReaperBaseStrategyv4, but ReaperBaseStrategyv4 is not Initializable. If the ReaperBaseStrategyinit function is not called during contract initialization, it can cause critical...

AI score 6.9
Exploits: 0

Veracode
added 2023/03/04 7:36 a.m. · 21 views

Command Injection

@zowe/imperative is vulnerable to Command Injection. The vulnerability exists due to the insecure usage of execSync, which allows already-privileged local attackers to inject and execute malicious shell commands through the plugin install/update commands or through maliciously formed environme...

CVSS 7.8 · AI score 7.6 · EPSS 0.00255
Exploits: 0 · References: 8 · Affected Software: 1

OSV
added 2023/03/02 9:15 p.m. · 13 views

CVE-2023-22381

A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to...

CVSS 8.8 · AI score 5.9 · EPSS 0.00839
Exploits: 0 · References: 5