
39 matches found

RedhatCVE
added 2026/01/09 8:34 a.m., 5 views

CVE-2024-41956

Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is that Soft Serve passes all environment variables given by...

CVSS 8.1, AI score 7.7, EPSS 0.00509
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-1999-0073

Malware in sbrugna...

CVSS 10, AI score 6.4, EPSS 0.03113
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2002-1996

Malware in sbrugna...

CVSS 10, AI score 6.4, EPSS 0.02468
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2003-0332

Malware in sbrugna...

CVSS 4.6, AI score 6.4, EPSS 0.00321
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-34966

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.9, EPSS 0.01467
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-44892

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.4, EPSS 0.00778
Exploits: 0, References: 6

GithubExploit
added 2025/07/10 6:50 a.m., 98 views

Exploit for CVE-2024-31969

📌 CVE-2024-31969 CVE-2024-31969 is a local vulnerability...

AI score 7.4
Exploits: 1

RedhatCVE
added 2025/05/22 5:49 p.m., 7 views

CVE-2020-12612

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a...

CVSS 7.8, AI score 7.5, EPSS 0.00256
Exploits: 0

Tenable Nessus
added 2025/02/26 12:0 a.m., 16 views

Amazon Linux 2 : postgresql (ALAS-2025-2764)

The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2764 advisory. Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive proce...

CVSS 8.8, AI score 8.2, EPSS 0.04422
Exploits: 1, References: 4

BDU FSTEC
added 2024/11/22 12:0 a.m., 4 views

The vulnerability of the needrestart utility, related to the uncontrolled element in the search process, allows a hacker to execute arbitrary code in the context of the root user.

The vulnerability of the needrestart utility is related to an uncontrolled element in the search process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the root user by manipulating the PYTHONPATH variable during Python initialization...

CVSS 7.8, AI score 8.1, EPSS 0.19924
Exploits: 15, References: 7, Affected Software: 4

Packet Storm
added 2023/10/02 12:0 a.m., 620 views

Juniper SRX Firewall / EX Switch Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'Junos OS PHPRC Environment Variable Manipulation RCE', 'Description' = %q...

CVSS 9.8, AI score 7.1, EPSS 0.93546
Exploits: 27

Tenable Nessus
added 2023/05/16 12:0 a.m., 30 views

EulerOS Virtualization 2.10.1 : libXpm (EulerOS-SA-2023-1906)

According to the versions of the libXpm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called...

CVSS 8.8, AI score 6.8, EPSS 0.01284
Exploits: 2, References: 4

Tenable Nessus
added 2023/04/27 12:0 a.m., 22 views

EulerOS Virtualization 2.9.0 : libXpm (EulerOS-SA-2023-1676)

According to the versions of the libXpm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called...

CVSS 8.8, AI score 6.8, EPSS 0.01284
Exploits: 2, References: 4

Tenable Nessus
added 2023/03/23 12:0 a.m., 18 views

FreeBSD : libXpm -- Issues handling XPM files (38f213b6-8f3d-4067-91ef-bf14de7ba518)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 38f213b6-8f3d-4067-91ef-bf14de7ba518 advisory. - A flaw was found in libXpm. When processing a file with width of 0 and a very large height,...

CVSS 8.8, AI score 6.8, EPSS 0.01284
Exploits: 2, References: 5

OSV
added 2023/02/07 7:15 p.m., 29 views

CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

CVSS 8.8, AI score 3.7
Exploits: 0, References: 5

OSV
added 2023/01/26 5:26 p.m., 4 views

SUSE-SU-2023:0165-1 Security update for libXpm

This update for libXpm fixes the following issues: - CVE-2022-46285: Fixed an infinite loop that could be triggered when reading a XPM image with a C-style comment that is never closed (bsc#1207029). - CVE-2022-44617: Fixed an excessive resource consumption that could be triggered when reading small...

CVSS 8.8, AI score 8, EPSS 0.01284
Exploits: 2, References: 7

RedhatCVE
added 2023/01/17 5:35 p.m., 46 views

CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

CVSS 8.1, AI score 1.5, EPSS 0.01199
Exploits: 0, References: 4

Prion
added 2022/12/28 8:15 a.m., 16 views

Design/Logic Flaw

LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest...

CVSS 4.3, AI score 7.5, EPSS 0.00331
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2022/12/28 7:0 a.m., 5 views

CVE-2022-46179 LiuOS vulnerable to Authorization Bypass through User-Controlled Key

LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest...

CVSS 9.2, AI score 9.3, EPSS 0.00331
Exploits: 1, References: 2

Prion
added 2022/11/02 4:15 p.m., 31 views

Code injection

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...

CVSS 5, AI score 7.3, EPSS 0.00778
Exploits: 0, References: 4, Affected Software: 1