Lucene search
K

48 matches found

Positive Technologies
Positive Technologies
added 2024/08/03 12:0 a.m.4 views

PT-2024-38350 · Vivotek · Vivotek Cc8160

Name of the Vulnerable Software and Affected Versions: Vivotek CC8160 VVTK-0100d affected versions not specified Description: A critical vulnerability affects the function getenv of the file upload file.cgi. The manipulation of the argument QUERY STRING leads to command injection. It is possible ...

9.8CVSS7.5AI score0.02689EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/08/03 12:0 a.m.4 views

PT-2024-38353 · Vivotek · Vivotek Ib8367A

Name of the Vulnerable Software and Affected Versions: Vivotek IB8367A VVTK-0100b affected versions not specified Description: A critical vulnerability has been found in the function getenv of the file upload file.cgi. The manipulation of the argument QUERY STRING leads to command injection. It i...

9.8CVSS7.6AI score0.02689EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/08/03 12:0 a.m.5 views

PT-2024-38352 · Vivotek · Vivotek Sd9364

Name of the Vulnerable Software and Affected Versions: Vivotek SD9364 VVTK-0103f affected versions not specified Description: A critical issue affects the function getenv of the file upload file.cgi. The manipulation of the argument QUERY STRING leads to command injection. The attack may be...

9.8CVSS7.6AI score0.02689EPSS
Exploits0References10
Oracle linux
Oracle linux
added 2023/07/20 12:0 a.m.35 views

systemd security and bug fix update

239-74.0.4.2 - Fix CVE-2023-26604 - pager: set whenver we invoke a pager [email protected] 2175624 - pager: make pager secure when under euid is changed or explicitly requested [email protected] 2175624 - pager: lets check SYSTEMDPAGERSECURE with securegetenv...

7.8CVSS7AI score0.01051EPSS
Exploits4
OSV
OSV
added 2021/12/22 7:15 p.m.3 views

CVE-2021-21907

A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability...

4.9CVSS7.3AI score0.01423EPSS
Exploits1References1
Gitee
Gitee
added 2021/12/11 12:59 a.m.9 views

Exploit for Off-by-one Error in Sudo_Project Sudo

This is a PoC Proof of Concept exploit for the CVE-2021-3156 vulnerability in the sudo package. The vulnerability is a heap-based buffer overflow that can be exploited to gain elevated privileges. The exploit is written in C and uses a brute-force approach to identify the correct offset and...

7.8CVSS7.9AI score0.99295EPSS
Exploits81
BDU FSTEC
BDU FSTEC
added 2019/06/27 12:0 a.m.15 views

The vulnerability of the __GI_getenv function in the editing and Ogg-file checking software oggz allows a perpetrator to cause a service failure.

The vulnerability of the GIgetenv function name=0x7ffff7b94ac7 “TH”, name@entry=0x7ffff7b94ac5 “PATH” in the editing and checking tool for Ogg files from the oggz-tools package is related to buffer overflow vulnerabilities. Exploiting this vulnerability can allow an attacker to cause a service...

6.2CVSS5.9AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/05/04 12:0 a.m.81 views

Fedora 26 : php (2018-6071a600e8)

PHP version 7.1.17 26 Apr 2018 Date: - Fixed bug php76131 mismatch arginfo for datecreate. carusogabriel Exif: - Fixed bug php76130 Heap Buffer Overflow READ: 1786 in exifiifaddvalue. Stas FPM: - Fixed bug php68440 ERROR: failed to reload: execvp failed: Argument list too long. Jacob Hipps - Fixe...

8.8CVSS6.9AI score0.79949EPSS
Exploits0References6
NVD
NVD
added 2017/03/07 3:59 p.m.20 views

CVE-2013-5653

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file...

5.5CVSS6.9AI score0.01957EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2017/03/07 3:59 p.m.4 views

CVE-2013-5653

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file...

5.5CVSS5.6AI score0.01957EPSS
Exploits0References10
CVE
CVE
added 2017/03/07 3:0 p.m.106 views

CVE-2013-5653

CVE-2013-5653 affects Ghostscript and stems from the getenv and filenameforall functions not honoring -dSAFER, enabling an attacker to read environment variables or list directories via a crafted PostScript document. The issue is documented across multiple sources (e.g., NVD description and IBM P...

5.5CVSS6.7AI score0.01957EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVE
added 2017/03/07 3:0 p.m.28 views

CVE-2013-5653

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file...

5.5CVSS7.3AI score0.01957EPSS
Exploits0
Cent OS
Cent OS
added 2017/01/04 10:39 a.m.419 views

ghostscript security update

CentOS Errata and Security Advisory CESA-2017:0014 An update for ghostscript is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

9.8CVSS7.2AI score0.06419EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2017/01/04 10:9 a.m.4 views

ghostscript: getenv and filenameforall ignore -dSAFER

It was found that the ghostscript functions getenv and filenameforall did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable and list directory respectively, fro...

5.5CVSS5.8AI score0.01957EPSS
Exploits0References4
ArchLinux
ArchLinux
added 2016/06/10 12:0 a.m.42 views

lib32-gnutls: arbitrary file overwrite

Setuid programs using GnuTLS could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12 with the GNUTLSKEYLOGFILE environment variable handling via getenv and fixed in GnuTLS 3.4.13 by switching to securegetenv where...

7.7AI score0.022EPSS
Exploits0References2
OSV
OSV
added 2015/09/02 2:17 p.m.7 views

SUSE-SU-2015:1892-1 Security update for libvdpau

libvdpau was updated to use securegetenv instead of getenv for several variables so it can be more safely used in setuid applications. CVE-2015-5198: libvdpau: incorrect check for security transition bnc943967 CVE-2015-5199: libvdpau: directory traversal in dlopen bnc943968 CVE-2015-5200: libvdpa...

7.2CVSS6.1AI score0.00505EPSS
Exploits0References7
OSV
OSV
added 2013/12/31 12:0 a.m.2 views

UBUNTU-CVE-2013-5653

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file...

5.5CVSS6.8AI score0.01957EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2013/04/20 12:0 a.m.18 views

Mandriva Linux Security Advisory : libgssglue (MDVSA-2013:043)

This update fixes insecure getenv usage in libgssglue, which could be used under some circumstances by local attackers do gain root privileges CVE-2011-2709. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Mandriva...

6.2CVSS5.2AI score0.0044EPSS
Exploits0References1
securityvulns
securityvulns
added 2013/04/09 12:0 a.m.36 views

[ MDVSA-2013:043 ] libgssglue

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:043 http://www.mandriva.com/en/support/security/ Package : libgssglue Date : April 5, 2013 Affected: Business Server 1.0 Problem Description: This update fixes insecure getenv usage in libgssglue, which coul...

6.2CVSS6.1AI score0.0044EPSS
Exploits0
securityvulns
securityvulns
added 2013/04/09 12:0 a.m.29 views

libgssapi / libgssglue privilege escalation

Insecure getenv usage...

6.2CVSS3AI score0.0044EPSS
Exploits0References1
Rows per page
Query Builder