
15 matches found

RedhatCVE
added 2026/05/07 8:21 p.m., 3 views

CVE-2026-43584

OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUAINIT, and HOSTALIASES. Attackers can exploit this by...

CVSS 8.8, AI score 5.9, EPSS 0.0012
Exploits: 0, References: 1
EUVD
added 2026/05/06 9:31 p.m., 2 views

EUVD-2026-28180

OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUAINIT, and HOSTALIASES. Attackers can exploit this by...

CVSS 8.8, AI score 5.9, EPSS 0.0012
Exploits: 0, References: 4
NVD
added 2026/05/06 8:16 p.m., 3 views

CVE-2026-43584

OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUAINIT, and HOSTALIASES. Attackers can exploit this by...

CVSS 8.8, EPSS 0.0012
Exploits: 0, References: 3
CVE
added 2026/05/06 7:49 p.m., 5 views

CVE-2026-43584

OpenClaw prior to version 2026.4.10 is affected by an insufficient environment variable denylist in the exec policy. This vulnerability allows operator-supplied overrides of high-risk interpreter startup variables (VIMINIT, EXINIT, LUA_INIT, HOSTALIASES), enabling manipulation of downstream execu...

CVSS 8.8, AI score 5.9, EPSS 0.0012
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2026/05/06 7:49 p.m., 2 views

CVE-2026-43584 OpenClaw < 2026.4.10 - Insufficient Environment Variable Denylist in Exec Policy

OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUAINIT, and HOSTALIASES. Attackers can exploit this by...

CVSS 8.8, AI score 5.9, EPSS 0.0012
Exploits: 0, References: 3
Cvelist
added 2026/05/06 7:49 p.m., 22 views

CVE-2026-43584 OpenClaw < 2026.4.10 - Insufficient Environment Variable Denylist in Exec Policy

OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUAINIT, and HOSTALIASES. Attackers can exploit this by...

CVSS 8.8, EPSS 0.0012
Exploits: 0, References: 3
Positive Technologies
added 2026/05/06 12:0 a.m., 2 views

PT-2026-38239

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.10. Description: An insufficient environment variable denylist in the exec environment policy allows operator-supplied overrides of high-risk interpreter startup variables. Specifically, the variables VIMINIT,...

CVSS 8.8, AI score 5.9, EPSS 0.0012
Exploits: 0, References: 6
Github Security Blog
added 2026/04/17 9:54 p.m., 3 views

OpenClaw: Exec environment denylist missed high-risk interpreter startup variables

Summary: Exec environment denylist missed high-risk interpreter startup variables. Affected Packages / Versions: Package: openclaw; Ecosystem: npm; Affected versions: = 2026.4.10. Impact: The exec environment policy missed interpreter startup variables such as VIMINIT, EXINIT, LUAINIT, and...

CVSS 8.8, AI score 5.9, EPSS 0.0012
Exploits: 0, References: 5, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2002-0040

Malware in sbrugna...

CVSS 2.1, AI score 6.4, EPSS 0.00065
Exploits: 0, References: 5
OSV
added 2024/02/23 3:15 p.m., 3 views

AZL-43501 CVE-2024-25629 affecting package python-pycares 3.1.1-3

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 5.5, AI score 6.8, EPSS 0.00055
Exploits: 0, References: 1
CVE
added 2002/06/25 4:0 a.m., 46 views

CVE-2002-0040

CVE-2002-0040 affects SGI IRIX 6.5.11–6.5.15f, where the HOSTALIASES environment variable can cause privileged applications to dump core, potentially enabling privilege escalation. The issue is local and was addressed by SGI in IRIX 6.5.16m/6.5.16f with patches; the advisory outlines affected com...

CVSS 2.1, AI score 6.5, EPSS 0.00065
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2002/06/25 4:0 a.m., 15 views

CVE-2002-0040

Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to cause privileged applications to dump core via the HOSTALIASES environment variable, which might allow the users to gain privileges...

AI score 6.5, EPSS 0.00065
Exploits: 0, References: 4
securityvulns
added 2002/03/30 12:0 a.m., 26 views

IRIX rpc/HOSTALIASES vulnerability

SGI Security Advisory. Title: IRIX rpc/HOSTALIASES vulnerability. Number: 20020306-01-P. Date: March 28, 2002. Reference: CVE CAN-2002-0039 RPC. Reference: CVE CAN-2002-0040 HOSTALIASES. Issue Specifics: It'...

CVSS 5, AI score 0.3, EPSS 0.00655
Exploits: 0
securityvulns
added 2002/03/30 12:0 a.m., 27 views

IRIX rpc/HOSTALIASES vulnerability

A malformed RPC packet can result in DoS against the system. A privileged application can be overflowed by the HOSTALIASES environment variable, resulting in local privilege elevation...

AI score 3.8
Exploits: 0, References: 1
CVE
added 2001/05/07 4:0 a.m., 79 views

CVE-2001-0170

Technical specifics (affected product versions, root cause, mitigations, or exploit details) are not publicly provided in the supplied documents; monitor for updates.

CVSS 2.1, AI score 6.8, EPSS 0.00639
Exploits: 0, References: 5, Affected Software: 2