Lucene search
K

2666 matches found

RedHat Linux
RedHat Linux
added 2024/12/11 4:19 p.m.3 views

php: cgi.force_redirect configuration is bypassable due to the environment variable collision

A flaw was found in PHP. The configuration directive cgi.forceredirect prevents anyone from calling PHP directly with a URL such as http://host.example/cgi-bin/php/secretdir/script.php. However, in certain uncommon configurations, an attacker may be able to bypass this restriction and access...

7.5CVSS5.7AI score0.01077EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/12/11 4:16 p.m.2 views

php: cgi.force_redirect configuration is bypassable due to the environment variable collision

A flaw was found in PHP. The configuration directive cgi.forceredirect prevents anyone from calling PHP directly with a URL such as http://host.example/cgi-bin/php/secretdir/script.php. However, in certain uncommon configurations, an attacker may be able to bypass this restriction and access...

7.5CVSS5.7AI score0.01077EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/12/09 9:42 a.m.26 views

Important: Red Hat Security Advisory: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

8.8CVSS7.7AI score0.04422EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2024/12/09 12:0 a.m.11 views

CVE-2024-55564

The POSIX::2008 package before 0.24 for Perl has a potential execve50c env buffer overflow...

9.8CVSS5.6AI score0.00488EPSS
Exploits0
OSV
OSV
added 2024/12/05 8:15 p.m.4 views

CLSA-2024-1733429722 Fix CVE(s): CVE-2024-48992

SECURITY UPDATE: Arbitrary code execution via manipulated RUBYLIB environment variable - debian/patches/CVE-2024-48992.patch: Prevent script from setting RUBYLIB environment variable to avoid LPE - CVE-2024-48992...

7.8CVSS6.2AI score0.06607EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2024/12/05 7:6 p.m.19 views

Build corruption when using `PYO3_CONFIG_FILE` environment variable

In PyO3 0.23.0 the PYO3CONFIGFILE environment variable used to configure builds regressed such that changing the environment variable would no longer trigger PyO3 to reconfigure and recompile. In combination with workflows using tools such as maturin to build for multiple versions in a single...

7.1AI score
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/05 12:0 a.m.9 views

PT-2024-40490 · Pypi · Pyo3

Name of the Vulnerable Software and Affected Versions: PyO3 versions 0.23.0 through 0.23.2 Description: The issue arises from a regression in the PYO3 CONFIG FILE environment variable, which is used to configure builds. This regression causes PyO3 to fail to reconfigure and recompile when the...

7.2AI score
Exploits0References4
OSV
OSV
added 2024/12/04 12:0 p.m.8 views

RUSTSEC-2024-0409 Build corruption when using `PYO3_CONFIG_FILE` environment variable

In PyO3 0.23.0 the PYO3CONFIGFILE environment variable used to configure builds regressed such that changing the environment variable would no longer trigger PyO3 to reconfigure and recompile. In combination with workflows using tools such as maturin to build for multiple versions in a single...

7.1AI score
Exploits0References3
OSV
OSV
added 2024/12/04 12:0 a.m.21 views

ALSA-2024:10785 Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

8.8CVSS8.2AI score0.04422EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2024/12/04 12:0 a.m.7 views

RHEL 8 : postgresql:13 (RHSA-2024:10800)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10800 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL PL/Perl environment variable...

8.8CVSS8.5AI score0.04422EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/12/02 1:48 a.m.2 views

postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code

A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables e.g., PATH via incorrect control of environment variables...

8.8CVSS7.3AI score0.04422EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/11/28 9:46 a.m.18 views

CVE-2024-22037 Database password leaked by systemd uyuni-server-attestation service

The uyuni-server-attestation systemd service needs a databasepassword environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users...

5.7CVSS0.00172EPSS
Exploits0References1
CVE
CVE
added 2024/11/28 9:46 a.m.69 views

CVE-2024-22037

CVE-2024-22037 is referenced in SUSE updates for Uyuni tooling. The issue stems from database credentials being exposed via environment in a systemd/Podman context. The connected SUSE advisory notes that CVE-2024-22037 is fixed by switching to podman secrets to store database credentials (uyuni-t...

5.7CVSS5.5AI score0.00172EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/28 9:46 a.m.19 views

CVE-2024-22037 Database password leaked by systemd uyuni-server-attestation service

The uyuni-server-attestation systemd service needs a databasepassword environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users...

5.7CVSS6.8AI score0.00172EPSS
Exploits0References1
Mageia
Mageia
added 2024/11/27 7:59 p.m.25 views

Updated postgresql15 & postgresql13 packages fix security vulnerabilities

PostgreSQL row security below e.g. subqueries disregards user ID changes. CVE-2024-10976 PostgreSQL libpq retains an error message from man-in-the-middle. CVE-2024-10977 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID. CVE-2024-10978 PostgreSQL PL/Perl environment variable...

8.8CVSS8AI score0.04422EPSS
Exploits1References3
CNVD
CNVD
added 2024/11/26 12:0 a.m.8 views

AnythingLLM Information Disclosure Vulnerability

AnythingLLM is a chatbot application that supports building using commercial or open source big language models combined with a private knowledge base. An information disclosure vulnerability exists in AnythingLLM, which can be exploited to obtain an API key from a process environment variable...

7.5CVSS6.3AI score0.29187EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2024/11/22 3:51 a.m.6 views

SUSE CVE-2024-48990

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable...

7.8CVSS7.7AI score0.19924EPSS
Exploits15References3
SUSE CVE
SUSE CVE
added 2024/11/22 3:51 a.m.5 views

SUSE CVE-2024-48992

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...

7.8CVSS7.7AI score0.06607EPSS
Exploits2References3
BDU FSTEC
BDU FSTEC
added 2024/11/22 12:0 a.m.5 views

The vulnerability of the needrestart utility, related to the uncontrolled element in the search process, allows a hacker to execute arbitrary code in the context of the root user.

The vulnerability of the needrestart utility is related to an uncontrolled element in the search process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the root user by manipulating the PYTHONPATH variable during Python initialization...

7.8CVSS8.1AI score0.19924EPSS
Exploits15References7Affected Software4
NVD
NVD
added 2024/11/19 6:15 p.m.18 views

CVE-2024-48990

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable...

7.8CVSS0.19924EPSS
Exploits15References6
Rows per page
Query Builder