
2646 matches found

NVD
added 2023/04/14 1:15 a.m. | 19 views

CVE-2023-29491

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...

CVSS 7.8 | AI score 7.8 | EPSS 0.00923
Exploits 1 | References 12

OSV
added 2023/04/14 1:15 a.m. | 35 views

CVE-2023-29491

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...

CVSS 7.8 | AI score 6.8
Exploits 0 | References 12

Prion
added 2023/04/14 1:15 a.m. | 30 views

Memory corruption

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...

CVSS 4.3 | AI score 7.7 | EPSS 0.00923
Exploits 1 | References 11 | Affected Software 1

UbuntuCve
added 2023/04/14 12:0 a.m. | 89 views

CVE-2023-29491

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...

CVSS 7.8 | AI score 6.9 | EPSS 0.00923
Exploits 1 | References 5

Cvelist
added 2023/04/14 12:0 a.m. | 24 views

CVE-2023-29491

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...

AI score 8 | EPSS 0.00923
Exploits 1 | References 11

Debian CVE
added 2023/04/14 12:0 a.m. | 40 views

CVE-2023-29491

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...

CVSS 7.8 | AI score 6.4 | EPSS 0.00923
Exploits 1

RedHat Linux
added 2023/04/12 3:4 p.m. | 58 views

Important: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 9.8 | AI score 7.2 | EPSS 0.24928
Exploits 11 | References 19

Tenable Nessus
added 2023/04/12 12:0 a.m. | 37 views

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2023-101-01)

The version of mozilla-firefox installed on the remote host is prior to 102.10.0esr / 112.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-101-01 advisory. - Unexpected data returned from the Safe Browsing API could have led to memory corruption and a...

CVSS 9.8 | AI score 7.8 | EPSS 0.00974
Exploits 0 | References 11

OSV
added 2023/04/06 4:15 p.m. | 2 views

AZL-37431 CVE-2023-24536 affecting package golang for versions less than 1.21.6-1

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVSS 7.5 | AI score 6.6 | EPSS 0.01466
Exploits 0 | References 1

SUSE CVE
added 2023/04/06 1:57 a.m. | 1 views

SUSE CVE-2023-24536

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVSS 5.9 | AI score 7.1 | EPSS 0.01466
Exploits 0 | References 13

RedHat Linux
added 2023/04/04 12:9 p.m. | 4 views

cri-o: /etc/passwd tampering privesc

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable...

CVSS 7.8 | AI score 6.9 | EPSS 0.00266
Exploits 0 | References 4

Positive Technologies
added 2023/04/03 12:0 a.m. | 4 views

PT-2023-2479 · Spicedb · Spicedb

Name of the Vulnerable Software and Affected Versions: SpiceDB versions prior to 1.19.1 Description: The issue is related to the SpiceDB database system, specifically with the /debug/pprof/cmdline endpoint served by the metrics service, which reveals command-line flags provided for debugging...

CVSS 8.7 | AI score 7.1 | EPSS 0.00762
Exploits 0 | References 13

RedHat Linux
added 2023/03/30 1:6 p.m. | 2 views

Node.js: insecure loading of ICU data through ICU_DATA environment variable

An untrusted search path vulnerability exists in Node.js. 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges...

CVSS 4.2 | AI score 7.2 | EPSS 0.00471
Exploits 0 | References 4

Veracode
added 2023/03/30 10:29 a.m. | 34 views

Information Exposure

github.com/minio/minio-go is vulnerable to Sensitive Information Exposure. The vulnerability exists during cluster deployment due to a lack of sensitive environment variable masking in the MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, allowing an attacker to exfiltrate sensitive tokens from the system...

CVSS 7.5 | AI score 7.1 | EPSS 0.83957
Exploits 13 | References 8 | Affected Software 1

Vulnrichment
added 2023/03/24 7:58 p.m. | 5 views

CVE-2023-28444 angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend

angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The...

CVSS 9.9 | AI score 7 | EPSS 0.00759
Exploits 0 | References 3

Tenable Nessus
added 2023/03/23 12:0 a.m. | 18 views

FreeBSD : libXpm -- Issues handling XPM files (38f213b6-8f3d-4067-91ef-bf14de7ba518)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 38f213b6-8f3d-4067-91ef-bf14de7ba518 advisory. - A flaw was found in libXpm. When processing a file with width of 0 and a very large height,...

CVSS 8.8 | AI score 6.8 | EPSS 0.01284
Exploits 2 | References 5

SUSE CVE
added 2023/03/22 4:15 a.m. | 0 views

SUSE CVE-2022-4900

A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow...

CVSS 4.2 | AI score 7.2 | EPSS 0.00367
Exploits 0 | References 6

Tenable Nessus
added 2023/03/21 12:0 a.m. | 31 views

Amazon Linux 2023 : libXpm, libXpm-devel (ALAS2023-2023-107)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-107 advisory. A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Deni...

CVSS 8.8 | AI score 6.8 | EPSS 0.01284
Exploits 2 | References 8

RedhatCVE
added 2023/03/20 11:13 a.m. | 60 views

CVE-2022-4900

A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow...

CVSS 6.2 | AI score 6.5 | EPSS 0.00367
Exploits 0 | References 3

Metasploit
added 2023/03/16 7:50 p.m. | 357 views

Bitbucket Environment Variable RCE

For various versions of Bitbucket, there is an authenticated command injection vulnerability that can be exploited by injecting environment variables into a user name. This module achieves remote code execution as the atlbitbucket user by injecting the GIT_EXTERNAL_DIFF environment variable, a null...

CVSS 9.8 | AI score 9.5 | EPSS 0.98035
Exploits 3