Lucene search
+L

7 matches found

osv
osv
added 2026/02/18 12:46 a.m.4 views

GHSA-M7X8-2W3W-PR42 OpenClaw has a command injection in maintainer clawtributors updater

Summary Command injection in the maintainer/dev script scripts/update-clawtributors.ts. Impact Affects contributors/maintainers or CI who run bun scripts/update-clawtributors.ts in a source checkout that contains a malicious commit author email e.g. crafted @users.noreply.github.com values. Norma...

8.6CVSS5.9AI score0.01709EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/02/18 12:0 a.m.6 views

PT-2026-20369

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.8 through 2026.2.13 Description The software contains a command injection issue in the scripts/update-clawtributors.ts script. This affects contributors or maintainers, and CI systems, who execute bun...

8.6CVSS5.8AI score0.01709EPSS
Exploits0References6
veracode
veracode
added 2021/09/12 1:17 a.m.26 views

Privilege Escalation

systemd-cron:sid is vulnerable to privilege escalation. In the cron package, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...

6.7CVSS5AI score0.00551EPSS
Exploits0References6Affected Software3
nvd
nvd
added 2017/06/09 4:29 p.m.22 views

CVE-2017-9525

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...

6.9CVSS6.8AI score0.00551EPSS
Exploits0References5
osv
osv
added 2017/06/09 4:29 p.m.6 views

UBUNTU-CVE-2017-9525

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...

6.7CVSS6.7AI score0.00551EPSS
Exploits0References7
debiancve
debiancve
added 2017/06/09 4:0 p.m.58 views

CVE-2017-9525

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...

6.9CVSS6.8AI score0.00551EPSS
Exploits0
cvelist
cvelist
added 2017/06/09 4:0 p.m.32 views

CVE-2017-9525

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...

6.7AI score0.00551EPSS
Exploits0References5
Rows per page
Query Builder