Lucene search
+L

134 matches found

OSV
OSV
added 2025/04/23 6:16 p.m.2 views

DEBIAN-CVE-2024-58251

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv0 containing an ANSI terminal escape sequence, leading to a denial of service terminal locked up when netstat is used by a victim...

2.5CVSS5.2AI score0.00252EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/02/27 3:9 a.m.9 views

SUSE CVE-2022-49264

In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting1 Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve2 be the name of a program, thus prohibiting a scenario...

5.5CVSS6.4AI score0.00283EPSS
Exploits0References10
NVD
NVD
added 2025/02/26 7:1 a.m.14 views

CVE-2022-49264

In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting1 Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve2 be the name of a program, thus prohibiting a scenario...

5.5CVSS0.00283EPSS
Exploits0References9
OSV
OSV
added 2025/02/26 7:1 a.m.6 views

DEBIAN-CVE-2022-49264

In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting1 Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve2 be the name of a program, thus prohibiting a scenario...

5.5CVSS5.4AI score0.00283EPSS
Exploits0References1
OSV
OSV
added 2025/02/26 7:1 a.m.4 views

UBUNTU-CVE-2022-49264

In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting1 Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve2 be the name of a program, thus prohibiting a scenario...

5.5CVSS6AI score0.00283EPSS
Exploits0References12
CVE
CVE
added 2025/02/26 1:56 a.m.158 views

CVE-2022-49264

CVE-2022-49264 is a Linux kernel issue where execve(2) argv handling could lead to an elevation of privilege. The fix injects a single empty string into argv when argc == 0 and updates argc accordingly, preventing argv from being empty or NULL. The description indicates this is a local privilege-...

5.5CVSS6.5AI score0.00283EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2025/02/26 1:56 a.m.17 views

CVE-2022-49264 exec: Force single empty string when argv is empty

In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting1 Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve2 be the name of a program, thus prohibiting a scenario...

5.5CVSS6.2AI score0.00283EPSS
Exploits0References12
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.2 views

Astra Linux – Vulnerability in symfony

symfony/runtime is a module for the Symphony PHP framework that enables decoupling PHP applications from global state. When the registerargvargc PHP directive is set to on, and users call any URL with a specially crafted query string, they can change the environment or debug mode used by the kern...

7.3CVSS6.2AI score0.63422EPSS
Exploits0References3
Snyk
Snyk
added 2024/12/18 7:47 p.m.5 views

Command Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Command Injection due to the PHP registerargcargv configuration setting. An attacker can execute arbitrary code by manipulating the command line arguments. Note: This is only exploitable if t...

9.8CVSS8.2AI score0.97446EPSS
Exploits9References2
CNNVD
CNNVD
added 2024/12/18 12:0 a.m.10 views

Craft CMS 代码注入漏洞

Craft CMS is a user-friendly, web-based content management system for creating and managing website content. Craft CMS has a security vulnerability due to the opening of registerargcargv in the PHP configuration, which can be exploited by an attacker to execute arbitrary code and take control of...

9.8CVSS7.9AI score0.97446EPSS
Exploits9References2
Veracode
Veracode
added 2024/11/20 3:48 a.m.19 views

Local File Inclusion (LFI)

symfony/runtime is vulnerable to Local File Inclusion LFI. The vulnerability is due to improper handling of the argv values in non-SAPI PHP runtimes, where the registerargvargc directive is set to on, allowing attackers to craft query strings that modify the environment or debug settings used by...

7.3CVSS6.6AI score0.63422EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2024/11/06 9:15 p.m.2 views

DEBIAN-CVE-2024-50340

symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the registerargvargc php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by...

7.3CVSS7.3AI score0.63422EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/06/28 12:0 a.m.6 views

The vulnerability of the composer.phar file of the PHP Composer dependency manager allows a attacker to execute arbitrary commands.

The vulnerability of the composer.phar file of the PHP Composer dependency manager is related to the registerargcargv function in php.ini. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9CVSS7.5AI score0.0139EPSS
Exploits0References10Affected Software4
Tenable Nessus
Tenable Nessus
added 2024/04/10 12:0 a.m.20 views

SUSE SLES15: libblkid-devel / libblkid-devel-static / libblkid1 / etc (SUSE-SU-2024:1169-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1169-1 advisory. - CVE-2024-28085: Properly neutralize escape sequences in wall. bsc1221831 Tenable has extracted the preceding description block directly fr...

3.3CVSS7AI score0.02242EPSS
Exploits3References6
F5 Networks
F5 Networks
added 2024/04/01 4:5 p.m.42 views

K000139140: util-linux vulnerability CVE-2024-28085

Security Advisory Description wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not...

3.3CVSS6.4AI score0.02242EPSS
Exploits3
UbuntuCve
UbuntuCve
added 2024/03/27 12:0 a.m.371 views

CVE-2024-28085

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...

3.3CVSS6.9AI score0.02242EPSS
Exploits3References5
OSV
OSV
added 2024/01/31 2:15 p.m.2 views

DEBIAN-CVE-2023-6246

A heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...

7.8CVSS7.1AI score0.04794EPSS
Exploits7References1
OSV
OSV
added 2023/09/29 8:15 p.m.7 views

UBUNTU-CVE-2023-43655

Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has registerargcargv enabled in php.ini. Versions 2.6.4, 2.2.22 an...

8.8CVSS6.4AI score0.0139EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2023/09/29 7:33 p.m.22 views

CVE-2023-43655

Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has registerargcargv enabled in php.ini. Versions 2.6.4, 2.2.22 an...

8.8CVSS9.1AI score0.0139EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.4 views

SUSE CVE-2008-5983

Untrusted search path vulnerability in the PySysSetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv0 argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse...

6.9CVSS7.5AI score0.0051EPSS
Exploits1References3
Rows per page
Query Builder