Lucene search
K

2665 matches found

CVE
CVE
added 2024/09/17 6:8 p.m.56 views

CVE-2024-45798

The CVE-2024-45798 entry concerns the arduino-esp32 Arduino core for ESP32/variants. The connected documents describe multiple Poisoned Pipeline Execution (PPE) vulnerabilities in the CI workflow, specifically code injection in tests_results.yml (GHSL-2024-169) and environment variable injection ...

9.9CVSS9.9AI score0.00769EPSS
Exploits0References5
OSV
OSV
added 2024/09/17 6:8 p.m.3 views

CVE-2024-45798 Multiple Poisoned Pipeline Execution (PPE) vulnerabilities

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...

9.9CVSS8.2AI score0.00769EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/09/17 6:8 p.m.17 views

CVE-2024-45798 Multiple Poisoned Pipeline Execution (PPE) vulnerabilities

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...

9.9CVSS0.00769EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/09/17 6:8 p.m.20 views

CVE-2024-45798 Multiple Poisoned Pipeline Execution (PPE) vulnerabilities

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...

9.9CVSS7.6AI score0.00769EPSS
Exploits0References5
OSV
OSV
added 2024/09/17 12:15 a.m.1 views

CVE-2024-40842

An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data...

5.5CVSS5.8AI score0.00229EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/17 12:0 a.m.4 views

arduino-esp32 操作系统命令注入漏洞

arduino-esp32 is an Espressif open source Arduino kernel for ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2. An operating system command injection vulnerability exists in arduino-esp32 version 26db8cba32e77050f177e8cb0f879614c57bc5f2, which stems from code injection and environment...

9.9CVSS7.6AI score0.00769EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/09/17 12:0 a.m.3 views

PT-2024-31779 · Arduino · Arduino-Esp32

Name of the Vulnerable Software and Affected Versions: arduino-esp32 affected versions not specified Description: The issue concerns multiple Poisoned Pipeline Execution PPE vulnerabilities in the arduino-esp32 CI, including code injection in the tests results.yml workflow and environment variabl...

9.9CVSS8AI score0.00769EPSS
Exploits0References11
Cvelist
Cvelist
added 2024/09/16 11:23 p.m.16 views

CVE-2024-40842

An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data...

0.00229EPSS
Exploits0References1
OSV
OSV
added 2024/09/10 9:15 a.m.3 views

CVE-2024-43392

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FWINCOMING.FROMIP FWINCOMING.INIP FWOUTGOING.FROMIP FWOUTGOING.INIP environment variable which can lead to a DoS...

8.1CVSS5.8AI score0.00519EPSS
Exploits0References1
OSV
OSV
added 2024/09/10 9:15 a.m.3 views

CVE-2024-43390

A low privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FWNAT.INIP environment variable which can lead to a DoS...

8.1CVSS5.8AI score0.00519EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/10 8:45 a.m.29 views

CVE-2024-43393 Phoenix Contact: Configuration changes of the firewall services can lead to DoS in MGUARD devices

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FWINCOMING.FROMIP FWINCOMING.INIP FWOUTGOING.FROMIP FWOUTGOING.INIP FWRULESETS.FROMIP FWRULESETS.INIP environment...

8.1CVSS0.00519EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/10 12:0 a.m.4 views

PT-2024-30549

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions. Description A low privileged remote attacker can perform configuration changes of the ospf service through OSPF INTERFACE.SIMPLE KEY and OSPF INTERFACE.DIGEST KEY...

8.1CVSS5.9AI score0.00519EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/09/10 12:0 a.m.6 views

PT-2024-30551 · Phoenix Contact · Fl Mguard 2102 +46

Name of the Vulnerable Software and Affected Versions: Firewall services affected versions not specified Description: A low-privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FW NAT.IN IP environment variable, whic...

8.1CVSS7AI score0.00519EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/09/06 9:37 p.m.34 views

Default installation of `synthetic-monitoring-agent` exposes sensitive information

Impact Users running the Synthetic Monitoring agent in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed thru a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and...

7.2CVSS6.6AI score0.00473EPSS
Exploits0References9Affected Software2
NVD
NVD
added 2024/09/03 10:15 a.m.12 views

CVE-2024-38811

VMware Fusion 13.x before 13.6 contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application...

8.8CVSS0.0028EPSS
Exploits0References1
CVE
CVE
added 2024/09/03 9:47 a.m.123 views

CVE-2024-38811

VMware Fusion for macOS versions 13.x before 13.6 contains a code‑execution vulnerability due to insecure handling of an environment variable. The root cause is an insecure environment variable usage inside the Fusion application, which could allow a local attacker with standard user privileges t...

8.8CVSS8.4AI score0.0028EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.220 views

Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache modcgi Bash Environment Variable Injection Shellshock Scanner', 'Description' = %q This module scans for the Shellshock vulnerability, a...

10CVSS7.4AI score0.99999EPSS
Exploits147
OSV
OSV
added 2024/08/30 5:18 p.m.11 views

GO-2024-3100 Chisel's AUTH environment variable not respected in server entrypoint in github.com/jpillora/chisel

Chisel's AUTH environment variable not respected in server entrypoint in github.com/jpillora/chisel...

8.6CVSS8.4AI score0.0045EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/08/27 6:40 p.m.18 views

Chisel's AUTH environment variable not respected in server entrypoint

Summary The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. This advisory is a formalization of a report sent to the maintainer via email. Details In the help page for...

8.6CVSS8.4AI score0.0045EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2024/08/27 6:33 a.m.9 views

Unauthorized Access

github.com/jpillora/chisel is vulnerable to Unauthorized Access. The vulnerability is due to the Chisel server not reading the documented AUTH environment variable, which allows unauthenticated users to connect even when credentials are set...

8.6CVSS8.6AI score0.0045EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder