23 matches found
USN-8282-2 unbound vulnerabilities
USN-8282-1 fixed vulnerabilities in Unbound. This update provides the corresponding updates for CVE-2026-41292 in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS and CVE-2026-42959, CVE-2026-42960 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Andr...
CVE-2026-32059
OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. Remote attackers can execute sort commands with abbreviated long optio...
CVE-2026-32059
OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. Remote attackers can execute sort commands with abbreviated long optio...
CVE-2026-32059 OpenClaw 2026.2.22-2 < 2026.2.23 - Allowlist Bypass via sort Long-Option Abbreviation in tools.exec.safeBins
OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. Remote attackers can execute sort commands with abbreviated long optio...
GHSA-3C6H-G97W-FG78 OpenClaw's tools.exec.safeBins sort long-option abbreviation bypass can skip exec approval in allowlist mode
Summary In OpenClaw, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations in allowlist mode, allowing approval-free execution paths that should require approval. Affected Packages / Versions - Ecosystem: npm - Package: openclaw - Latest published version...
OpenClaw's tools.exec.safeBins sort long-option abbreviation bypass can skip exec approval in allowlist mode
Summary In OpenClaw, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations in allowlist mode, allowing approval-free execution paths that should require approval. Affected Packages / Versions - Ecosystem: npm - Package: openclaw - Latest published version...
OpenClaw is vulnerable to validation bypass through GNU long-option abbreviations in allowlist mode
In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...
EUVD-2026-8987
In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...
GHSA-7977-C43C-XPWJ OpenClaw is vulnerable to validation bypass through GNU long-option abbreviations in allowlist mode
In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...
Incomplete List of Disallowed Inputs
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the tools.exec.safeBins validation when validating options for sort. An attacker can execute unauthorized commands by supplying GNU long-option...
CVE-2026-28363
In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...
CVE-2026-28363
In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...
CVE-2026-28363
In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...
PT-2026-22291
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.23 Description The software contains a validation bypass in the tools.exec.safeBins logic for the sort command. This bypass occurs when using GNU long-option abbreviations such as --compress-prog in allowlist...
EUVD-2000-0315
Malware in sbrugna...
SUSE CVE-2004-1079
Buffer overflow in 1 ncplogin and 2 ncpmap in nwclient.c for ncpfs 2.2.4, and possibly other versions, may allow local users to gain privileges via a long -T option...
DEBIAN-CVE-2010-3441
Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers to execute arbitrary code via 1 a crafted input file, related to the PUT0 and PUT1 output macros; 2 a crafted input file, related to the trimtitle function; and possibly 3 a long -O option on a command line...
Buffer overflow
Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers to execute arbitrary code via 1 a crafted input file, related to the PUT0 and PUT1 output macros; 2 a crafted input file, related to the trimtitle function; and possibly 3 a long -O option on a command line...
CVE-2010-3441
Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers to execute arbitrary code via 1 a crafted input file, related to the PUT0 and PUT1 output macros; 2 a crafted input file, related to the trimtitle function; and possibly 3 a long -O option on a command line...
CVE-2004-1079
Buffer overflow in 1 ncplogin and 2 ncpmap in nwclient.c for ncpfs 2.2.4, and possibly other versions, may allow local users to gain privileges via a long -T option...