7820 matches found
CVE-2022-39382 NODE_ENV in Keystone defaults to development with esbuild
Keystone is a headless CMS for Node.js — built with GraphQL and React.@keystone-6/[email protected] || 3.0.1 users that use NODEENV to trigger security-sensitive functionality in their production builds are vulnerable to NODEENV being inlined to "development" for user code, irrespective of what your...
CVE-2022-41716
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
AZL-79026 CVE-2022-41716 affecting package golang 1.25.7-1
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
DEBIAN-CVE-2022-41716
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
CVE-2022-41716
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
CVE-2022-41716
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
UBUNTU-CVE-2022-41716
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
CVE-2022-41716 Unsanitized NUL in environment variables on Windows in syscall and os/exec
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
CVE-2022-41716 Unsanitized NUL in environment variables on Windows in syscall and os/exec
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
CVE-2022-41716
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
CVE-2022-41716
CVE-2022-41716 affects Go on Windows, where unsanitized NUL values in environment variables can be used to set one env var while assigning another in processes started via syscall.StartProcess or os/exec.Cmd. The root cause is improper handling of environment variable values containing NULs, enab...
CVE-2022-41716
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
Google Golang 安全漏洞
Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...
Improper Neutralization of Null Byte or NUL Character
Overview std/os/exec is a Go standard library package std/os/exec Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character. Go Vulnerability Report: Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on...
Improper Neutralization of Null Byte or NUL Character
Overview std/syscall is a Go standard library package std/syscall Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character. Go Vulnerability Report: Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on...
GO-2022-1095 Unsanitized NUL in environment variables on Windows in syscall and os/exec
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
PT-2022-7160 · Parallels · Parallels Desktop
Name of the Vulnerable Software and Affected Versions: Parallels Desktop affected versions not specified Description: The issue is related to improper initialization of environment variables within the Parallels Service, allowing local attackers to escalate privileges on affected installations of...
PT-2022-7157 · Parallels · Parallels Desktop
Name of the Vulnerable Software and Affected Versions: Parallels Desktop affected versions not specified Description: The issue is related to improper initialization of environment variables within the Updater service of Parallels Desktop, allowing local attackers to escalate privileges and execu...
Timelock Contract should be used to avoid malicious governance
Lines of code Vulnerability details Impact Governance of Market.sol can call following function at anytime. This is not ideal since they can call this function for their own benefits. For example they can change liquidationFactorBps to gain more liquidationFee. They can change collateralFactorBps...
Cloudflare Public Bug Bounty: Extraction of Pages build scripts, config values, tokens, etc. via symlinks
A vulnerability was discovered in Pages build scripts that allowed malicious actors to extract build source/configuration and environment variables via symlinks due to broader permission set on certain folders within the filesystem structure. The issue was remediated by tightening permissions on...