2659 matches found
Remote code execution
Windows Secure Socket Tunneling Protocol SSTP Remote Code Execution Vulnerability...
USN-5776-1 containerd vulnerabilities
It was discovered that containerd incorrectly handled memory when receiving certain faulty Exec or ExecSync commands. A remote attacker could possibly use this issue to cause a denial of service or crash containerd. CVE-2022-23471, CVE-2022-31030 It was discovered that containerd incorrectly set ...
PT-2022-27328 · Wasm3 · Wasm3
Name of the Vulnerable Software and Affected Versions: wasm3 version 7890a2097569fde845881e0b352d813573e371f9 Description: A segmentation fault was discovered in the op CallIndirect component at /m3 exec.h. Recommendations: For version 7890a2097569fde845881e0b352d813573e371f9, consider updating t...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the theProcess functionality due to improper user-input sanitization. PoC js var root = require"exec-local-bin" root"& touch JHU", Remediation Upgrade exec-local-bin to version 1.2.0 or higher. References - GitHub...
runc: incorrect handling of inheritable capabilities
A flaw was found in runc, where runc exec --cap executed processes with non-empty inheritable Linux process capabilities. This issue creates an atypical Linux environment and enables programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2...
kernel: posix-cpu-timers: Cleanup CPU timers before freeing them during exec
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b "posix-cpu-timers: Store a reference to a pid not a task" started looking up tasks by PID when deleting a CPU timer. When a non-leader threa...
PT-2022-36762 · Git +1 · Mruby
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by a negative-size-param, which occurs in the mrb str format function, followed by mrb f sprintf and mrb vm exec. ...
PT-2022-36760 · Git +1 · Mruby
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A crash occurred due to an unknown read issue. The crash state includes functions such as pack unpack, mrb pack unpack, and mrb vm exec. Recommendations: At the moment, there is no...
Low: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Microsoft Windows Scripting Languages Remote Code Execution Vulnerability
Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution...
AZL-79026 CVE-2022-41716 affecting package golang 1.25.7-1
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
CVE-2022-41716 Unsanitized NUL in environment variables on Windows in syscall and os/exec
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
CVE-2022-41716 Unsanitized NUL in environment variables on Windows in syscall and os/exec
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
kernel: posix-cpu-timers: Cleanup CPU timers before freeing them during exec
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b "posix-cpu-timers: Store a reference to a pid not a task" started looking up tasks by PID when deleting a CPU timer. When a non-leader threa...
Improper Neutralization of Null Byte or NUL Character
Overview std/syscall is a Go standard library package std/syscall Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character. Go Vulnerability Report: Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on...
Improper Neutralization of Null Byte or NUL Character
Overview std/os/exec is a Go standard library package std/os/exec Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character. Go Vulnerability Report: Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on...
GO-2022-1095 Unsanitized NUL in environment variables on Windows in syscall and os/exec
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
[SECURITY] [DSA 5260-1] lava security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5260-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 23, 2022 https://www.debian.org/security/faq -...
go -- syscall, os/exec: unsanitized NUL in environment variables
The Go project reports: syscall, os/exec: unsanitized NUL in environment variables On Windows, syscall.StartProcess and os/exec.Cmd did not properly check for invalid environment variable values. A malicious environment variable value could exploit this behavior to set a value for a different...
CVE-2022-22035 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
...