Lucene search
+L

20 matches found

OSV
OSV
added 2026/07/07 2:34 p.m.4 views

PYSEC-2026-1917 Sentry's Python SDK unintentionally exposes environment variables to subprocesses

Impact The bug in Sentry's Python SDK subprocess.checkoutput"env", env="TEST":"1" b'TEST=1\n' If you'd want to not pass any variables, you can set an empty dict: subprocess.checkoutput"env", env= b'' However, the bug in Sentry SDK 2.8.0 causes all environment variables to be passed to the...

2.5CVSS6AI score0.00198EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/06/27 1:52 a.m.8 views

SUSE CVE-2026-57231

Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk wi...

7.5CVSS5.8AI score0.0026EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/19 8:47 p.m.4 views

Command Injection

Overview @cyclonedx/cyclonedx-npm is a Create CycloneDX Software Bill of Materials SBOM from NPM projects. Affected versions of this package are vulnerable to Command Injection via the --workspace argument when the environment variable npmexecpath is unset or empty. An attacker can execute...

8.5CVSS6.2AI score0.0016EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass an empty environment variable. fwgetenv will use the environment variable entry to determine the style of the environment variables. However, it is legal for the firmware to simply pass an empty...

5.3AI score0.00196EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 6:31 p.m.17 views

GHSA-2CXP-XQ3C-MJXX Duplicate Advisory: uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2w8r-9xj7-69j5. This link is maintained to preserve external references. Original Description The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU...

3.3CVSS5.8AI score0.00133EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/22 4:7 p.m.31 views

CVE-2026-35342 uutils coreutils mktemp Insecure Temporary File Placement via Empty TMPDIR

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

3.3CVSS0.00133EPSS
Exploits0References2
CVE
CVE
added 2026/04/22 4:7 p.m.20 views

CVE-2026-35342

CVE-2026-35342 affects the mktemp utility in the uutils coreutils project. The issue arises because the implementation does not treat an empty TMPDIR as a fallback to /tmp (unlike GNU mktemp); instead, it treats an empty string as a valid path, causing temporary files to be created in the current...

3.3CVSS5.7AI score0.00133EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/22 4:7 p.m.3 views

CVE-2026-35342 uutils coreutils mktemp Insecure Temporary File Placement via Empty TMPDIR

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

3.3CVSS5.9AI score0.00133EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.13 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a security vulnerability in uutils coreutils. This vulnerability arises from the fact that the mktemp utility fails to properly handle the empty TMPDIR environment variable. Unlike GNU mktemp,...

3.3CVSS5.8AI score0.00133EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013167)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013167 advisory. In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fwgetenv will use env entry to determine style of en...

5.7AI score0.00196EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/12/31 12:26 a.m.4 views

SUSE CVE-2023-54279

In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fwgetenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointe...

6.5AI score0.00196EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/30 3:30 p.m.4 views

EUVD-2023-60525

In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fwgetenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointe...

5.9AI score0.00196EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/12/30 1:16 p.m.4 views

CVE-2023-54279

In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fwgetenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointe...

5.9AI score0.00196EPSS
Exploits0References11
CVE
CVE
added 2025/12/30 12:16 p.m.25 views

CVE-2023-54279

CVE-2023-54279 concerns the Linux kernel MIPS fw handling when firmware passes an empty environment. The issue arises in fw_getenv, which uses an env entry to determine the style of env data; firmware may supply an empty list, risking a null pointer dereference if code path assumes a non-empty fi...

6.1AI score0.00196EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2025/12/30 12:16 p.m.4 views

CVE-2023-54279

In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fwgetenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointe...

5.3AI score0.00196EPSS
Exploits0
Cvelist
Cvelist
added 2025/12/30 12:16 p.m.23 views

CVE-2023-54279 MIPS: fw: Allow firmware to pass a empty env

In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fwgetenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointe...

0.00196EPSS
Exploits0References9
OSV
OSV
added 2025/12/30 12:16 p.m.5 views

CVE-2023-54279 MIPS: fw: Allow firmware to pass a empty env

In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fwgetenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointe...

6.3AI score0.00196EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.3 views

PT-2025-54108

In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fw getenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null point...

6.4AI score0.00196EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-11998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contai...

9.8CVSS7.3AI score0.51225EPSS
Exploits0References2
OSV
OSV
added 2024/07/18 5:18 p.m.12 views

GHSA-G92J-QHMH-64V2 Sentry's Python SDK unintentionally exposes environment variables to subprocesses

Impact The bug in Sentry's Python SDK subprocess.checkoutput"env", env="TEST":"1" b'TEST=1\n' If you'd want to not pass any variables, you can set an empty dict: subprocess.checkoutput"env", env= b'' However, the bug in Sentry SDK 2.8.0 causes all environment variables to be passed to the...

2.5CVSS5.7AI score0.00198EPSS
Exploits0References11
Rows per page
Query Builder