38 matches found
CVE-2024-41956
Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is that Soft Serve passes all environment variables given by...
EUVD-2002-1996
Malware in sbrugna...
EUVD-1999-0073
Malware in sbrugna...
EUVD-2003-0332
Malware in sbrugna...
EUVD-2022-44892
Malicious code in bioql PyPI...
EUVD-2023-34966
Malicious code in bioql PyPI...
Exploit for CVE-2024-31969
📌 CVE-2024-31969 CVE-2024-31969 is a local vulnerability...
CVE-2020-12612
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a...
Amazon Linux 2 : postgresql (ALAS-2025-2764)
The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2764 advisory. Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive proce...
Juniper SRX Firewall / EX Switch Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'Junos OS PHPRC Environment Variable Manipulation RCE', 'Description' = %q...
EulerOS Virtualization 2.10.1 : libXpm (EulerOS-SA-2023-1906)
According to the versions of the libXpm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called...
EulerOS Virtualization 2.9.0 : libXpm (EulerOS-SA-2023-1676)
According to the versions of the libXpm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called...
FreeBSD : libXpm -- Issues handling XPM files (38f213b6-8f3d-4067-91ef-bf14de7ba518)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 38f213b6-8f3d-4067-91ef-bf14de7ba518 advisory. - A flaw was found in libXpm. When processing a file with width of 0 and a very large height,...
CVE-2022-4883
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
SUSE-SU-2023:0165-1 Security update for libXpm
This update for libXpm fixes the following issues: - CVE-2022-46285: Fixed an infinite loop that could be triggered when reading an XPM image with a C-style comment that is never closed (bsc#1207029). - CVE-2022-44617: Fixed an excessive resource consumption that could be triggered when reading small...
CVE-2022-4883
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
Design/Logic Flaw
LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest...
CVE-2022-46179 LiuOS vulnerable to Authorization Bypass through User-Controlled Key
LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest...
Code injection
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
CVE-2022-32553
CVE-2022-32553 affects Pure Storage FlashArray (Purity//FA) versions 5.2.x and prior up to 6.2.3, and FlashBlade (Purity//FB) up to 3.3.0; vulnerability is privilege escalation via manipulation of environment variables. A logged-in user can escape a restricted shell to an unrestricted shell with ...