8 matches found

Github Security Blog
added 2026/03/03 9:52 p.m. | 7 views

OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux)

Summary: A command injection vulnerability exists in OpenClaw’s Linux systemd unit generation path. When rendering Environment= entries, attacker-controlled values are not rejected for CR/LF, and systemdEscapeArg uses an incorrect whitespace-matching regex. This allows newline injection to break o...

CVSS 7.8 | AI score 6.3 | EPSS 0.01075
Exploits: 1 | References: 5 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-27476

Malicious code in bioql PyPI...

CVSS 5.1 | AI score 6.4 | EPSS 0.00194
Exploits: 0 | References: 1

OSV
added 2024/06/28 3:28 p.m. | 9 views

GO-2024-2449 Withdrawn Advisory: User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport

Withdrawn Advisory: User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positiv...

AI score 7
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 5:27 a.m. | 8 views

SUSE CVE-2014-6277

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted...

CVSS 10 | AI score 8.1 | EPSS 0.64326
Exploits: 16 | References: 23

SUSE CVE
added 2023/02/15 5:23 a.m. | 4 views

SUSE CVE-2014-10070

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as literal numbers. That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation...

CVSS 8.6 | AI score 6.7 | EPSS 0.00504
Exploits: 0 | References: 8

OpenVAS
added 2018/04/30 12:0 a.m. | 31 views

Microsoft Windows 10: Modify firmware environment values

This security setting determines who can modify firmware environment values. Firmware environment values are settings that are stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On all computers, this user right is required to install or...

AI score 7.2
Exploits: 0

BDU FSTEC
added 2017/09/01 12:0 a.m. | 5 views

The vulnerability of the audio driver of the mobile application MSM for the Android operating system allows a hacker to trigger a stack overflow.

The vulnerability of the Android mobile application’s audio driver relates to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to select certain values in the user’s environment, which may lead to stack overflow...

CVSS 7.6 | AI score 7.2 | EPSS 0.00587
Exploits: 0 | References: 4

OSV
added 2014/09/25 1:55 a.m. | 7 views

DEBIAN-CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

CVSS 9.8 | AI score 9.4 | EPSS 0.9994
Exploits: 17 | References: 1