
2629 matches found

CVE
added 2024/09/03 9:47 a.m. | 116 views

CVE-2024-38811

VMware Fusion for macOS versions 13.x before 13.6 contains a code‑execution vulnerability due to insecure handling of an environment variable. The root cause is an insecure environment variable usage inside the Fusion application, which could allow a local attacker with standard user privileges t...

CVSS 8.8 | AI score 8.4 | EPSS 0.00128
Exploits 0 | References 1 | Affected Software 1

Packet Storm
added 2024/09/01 12:0 a.m. | 212 views

Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache modcgi Bash Environment Variable Injection Shellshock Scanner', 'Description' = %q This module scans for the Shellshock vulnerability, a...

CVSS 10 | AI score 7.4 | EPSS 0.9422
Exploits 147

OSV
added 2024/08/30 5:18 p.m. | 11 views

GO-2024-3100 Chisel's AUTH environment variable not respected in server entrypoint in github.com/jpillora/chisel

Chisel's AUTH environment variable not respected in server entrypoint in github.com/jpillora/chisel...

CVSS 8.6 | AI score 8.4 | EPSS 0.00044
Exploits 0 | References 4

Github Security Blog
added 2024/08/27 6:40 p.m. | 16 views

Chisel's AUTH environment variable not respected in server entrypoint

Summary The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. This advisory is a formalization of a report sent to the maintainer via email. Details In the help page for...

CVSS 8.6 | AI score 8.4 | EPSS 0.00044
Exploits 0 | References 5 | Affected Software 1

Veracode
added 2024/08/27 6:33 a.m. | 9 views

Unauthorized Access

github.com/jpillora/chisel is vulnerable to Unauthorized Access. The vulnerability is due to the Chisel server not reading the documented AUTH environment variable, which allows unauthenticated users to connect even when credentials are set...

CVSS 8.6 | AI score 8.6 | EPSS 0.00044
Exploits 0 | References 2 | Affected Software 1

OSV
added 2024/08/26 10:32 p.m. | 2 views

CVE-2024-43798 Chisel AUTH environment variable not respected in server entrypoint

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is...

CVSS 8.6 | AI score 6.9 | EPSS 0.00044
Exploits 0 | References 3

Vulnrichment
added 2024/08/26 10:32 p.m. | 11 views

CVE-2024-43798 Chisel AUTH environment variable not respected in server entrypoint

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is...

CVSS 8.6 | AI score 6.9 | EPSS 0.00044
Exploits 0 | References 1

Cvelist
added 2024/08/26 10:32 p.m. | 16 views

CVE-2024-43798 Chisel AUTH environment variable not respected in server entrypoint

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is...

CVSS 8.6 | EPSS 0.00044
Exploits 0 | References 1

Tenable Nessus
added 2024/08/21 12:0 a.m. | 9 views

EulerOS Virtualization 2.11.0 : less (EulerOS-SA-2024-2180)

According to the versions of the less package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename....

CVSS 8.6 | AI score 7.2 | EPSS 0.00329
Exploits 0 | References 2

OSV
added 2024/08/20 8:26 p.m. | 11 views

GO-2023-1533 Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set in github.com/anchore/syft

Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set in github.com/anchore/syft...

CVSS 7.5 | AI score 7.3 | EPSS 0.00281
Exploits 1 | References 3

Tenable Nessus
added 2024/08/20 12:0 a.m. | 18 views

EulerOS 2.0 SP12 : less (EulerOS-SA-2024-2241)

According to the versions of the less package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation...

CVSS 8.6 | AI score 7.3 | EPSS 0.00329
Exploits 0 | References 2

Tenable Nessus
added 2024/08/20 12:0 a.m. | 21 views

EulerOS 2.0 SP12 : less (EulerOS-SA-2024-2217)

According to the versions of the less package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation...

CVSS 8.6 | AI score 7.3 | EPSS 0.00329
Exploits 0 | References 2

NVD
added 2024/08/12 1:38 p.m. | 11 views

CVE-2024-42370

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...

CVSS 8.3 | EPSS 0.00985
Exploits 0 | References 4

CNNVD
added 2024/08/12 12:0 a.m. | 2 views

Litestar Security Vulnerability

Litestar is a powerful, flexible but stubborn ASGI framework open-sourced by Litestar. A security vulnerability exists in Litestar version 2.10.0 and prior versions that stems from vulnerability to environment variable injection attacks, leading to confidentiality disclosure and repository...

CVSS 8.3 | AI score 6.6 | EPSS 0.00985
Exploits 0 | References 5

OSV
added 2024/08/09 7:22 p.m. | 9 views

GHSA-4HQ2-RPGC-R8R7 Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow

Withdrawn Advisory This advisory has been withdrawn because the confidentiality, integrity, and availability impacts of the vulnerability affect Litestar's CI/CD environment rather than the litestar package. While the information in the advisory is still valid, users of the litestar package are n...

CVSS 8.3 | AI score 8.5 | EPSS 0.00985
Exploits 0 | References 6

Github Security Blog
added 2024/08/09 7:22 p.m. | 12 views

Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow

Withdrawn Advisory This advisory has been withdrawn because the confidentiality, integrity, and availability impacts of the vulnerability affect Litestar's CI/CD environment rather than the litestar package. While the information in the advisory is still valid, users of the litestar package are n...

CVSS 8.3 | AI score 8.5 | EPSS 0.00985
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2024/08/09 6:29 p.m. | 13 views

CVE-2024-42370 Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...

CVSS 8.3 | EPSS 0.00985
Exploits 0 | References 4

Vulnrichment
added 2024/08/09 6:29 p.m. | 13 views

CVE-2024-42370 Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...

CVSS 8.3 | AI score 8.3 | EPSS 0.00985
Exploits 0 | References 4

OSV
added 2024/08/09 6:29 p.m. | 9 views

CVE-2024-42370 Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...

CVSS 8.3 | AI score 7 | EPSS 0.00985
Exploits 0 | References 6

CVE
added 2024/08/09 6:29 p.m. | 38 views

CVE-2024-42370

Litestar (versions 2.10.0 and earlier) is affected by an environment variable injection flaw in the docs-preview.yml workflow. A crafted artifact can be introduced via the workflow’s artifact handling, potentially exposing DOCS_PREVIEW_DEPLOY_TOKEN and granting the attacker permissions to write i...

CVSS 8.3 | AI score 8.4 | EPSS 0.00985
Exploits 0 | References 4