Lucene search
K

2664 matches found

CNNVD
CNNVD
added 2023/10/04 12:0 a.m.7 views

Insomnia security breach

Insomnia is an open source, cross-platform API client from Insomnia for GraphQL, REST, WebSockets, server-sent events, and gRPC. A security vulnerability exists in Insomnia version 2023.4.0 that stems from the use of the DYLDINSERTLIBRARIES environment variable that can execute code and access...

7.8CVSS7.3AI score0.00352EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/10/04 12:0 a.m.6 views

Trellix Endpoint Security Code Injection Vulnerability

Trellix Endpoint Security ENS is an endpoint security solution from FireEye USA Trellix. A security vulnerability exists in Trellix Endpoint Security version 10.7.0 prior to April 2023 that originates from allowing local users to disable the ENS AMSI component via an environment variable, resulti...

7.8CVSS6.7AI score0.00221EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/10/04 12:0 a.m.3 views

The vulnerability of the dynamic loader ld.so of the glibc library allows a attacker to execute arbitrary code with elevated privileges.

The vulnerability of the dynamic loader ld.so for the glibc library is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges by running binary files with SUID permissions and creating a variable environmen...

7.8CVSS7.7AI score0.81422EPSS
Exploits26References15Affected Software10
OSV
OSV
added 2023/10/03 6:15 p.m.2 views

DEBIAN-CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

7.8CVSS7.2AI score0.81422EPSS
Exploits26References1
Github Security Blog
Github Security Blog
added 2023/10/02 11:29 p.m.40 views

opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics

Summary Autoinstrumentation out of the box adds the label httpmethod that has unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. Details HTTP method for requests can be easily set by an attacker to be random and long. PoC Send many...

7.5CVSS6.8AI score0.00685EPSS
Exploits0References5Affected Software1
Packet Storm
Packet Storm
added 2023/10/02 12:0 a.m.623 views

Juniper SRX Firewall / EX Switch Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'Junos OS PHPRC Environment Variable Manipulation RCE', 'Description' = %q...

9.8CVSS7.1AI score0.93546EPSS
Exploits27
Metasploit
Metasploit
added 2023/09/29 7:51 p.m.346 views

Junos OS PHPRC Environment Variable Manipulation RCE

This module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices run FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The...

9.8CVSS8AI score0.93546EPSS
Exploits27
ATTACKERKB
ATTACKERKB
added 2023/09/25 8:15 p.m.4 views

CVE-2022-4318

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable...

7.8CVSS5.4AI score0.00266EPSS
Exploits0References5
NVD
NVD
added 2023/09/25 8:15 p.m.16 views

CVE-2022-4318

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable...

7.8CVSS7.5AI score0.00266EPSS
Exploits0References4
OSV
OSV
added 2023/09/25 8:15 p.m.4 views

CVE-2022-4318

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable...

7.8CVSS5.7AI score0.00266EPSS
Exploits0References4
OSV
OSV
added 2023/09/25 8:15 p.m.9 views

AZL-39873 CVE-2022-4318 affecting package cri-o for versions less than 1.22.3-1

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable...

7.8CVSS7AI score0.00266EPSS
Exploits0References1
Prion
Prion
added 2023/09/25 8:15 p.m.27 views

Design/Logic Flaw

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable...

4.3CVSS7.5AI score0.00266EPSS
Exploits0References4Affected Software6
CVE
CVE
added 2023/09/25 7:23 p.m.224 views

CVE-2022-4318

CVE-2022-4318 is confirmed in multiple records as a vulnerability in cri-o that enables tampering of /etc/passwd via a specially crafted environment variable, effectively a privilege escalation path. Affected scope includes cri-o deployments used by Red Hat OpenShift platforms (OpenShift 4.x line...

7.8CVSS7.4AI score0.00266EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2023/09/25 7:23 p.m.11 views

CVE-2022-4318

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable...

7.8CVSS7.5AI score0.00266EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/09/25 7:23 p.m.18 views

CVE-2022-4318 Cri-o: /etc/passwd tampering privesc

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable...

7.8CVSS6.7AI score0.00266EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/09/21 5:10 p.m.34 views

SQLpage vulnerable to public exposure of database credentials

Impact If - you are using a SQLPage version older than v0.11.1 - your SQLPage instance is exposed publicly - the database connection string is specified in the sqlpage/sqlpage.json configuration file not in an environment variable - the webroot is the current working directory the default - your...

10CVSS6.4AI score0.00602EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2023/09/18 10:15 p.m.17 views

Design/Logic Flaw

SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the sqlpage/sqlpage.json configuration file not in an environment variable, with the webroot is the current working...

6.4CVSS9AI score0.00602EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/09/18 9:36 p.m.21 views

CVE-2023-42454 SQLpage vulnerable to public exposure of database credentials

SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the sqlpage/sqlpage.json configuration file not in an environment variable, with the webroot is the current working...

10CVSS8.6AI score0.00602EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2023/09/14 2:7 p.m.97 views

Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems

A set of memory corruption flaws have been discovered in the ncurses short for new curses programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. "Using environment variable poisoning, attackers could chain these vulnerabilities to...

7.8CVSS8.7AI score0.00923EPSS
Exploits1
Microsoft Secure
Microsoft Secure
added 2023/09/14 11:30 a.m.70 views

Uncursing the ncurses: Memory corruption vulnerabilities found in library

Microsoft has discovered a set of memory corruption vulnerabilities in a library called ncurses, which provides APIs that support text-based user interfaces TUI. Released in 1993, the ncurses library is commonly used by various programs on Portable Operating System Interface POSIX operating...

4.3CVSS8.2AI score0.55367EPSS
Exploits22
Rows per page
Query Builder