31 matches found
CLSA-2026-1778881463 ipa: Fix of 3 CVEs
CVE-2023-5455: fix CSRF vulnerability by adding Referer header check to all session endpoints - CVE-2024-1481: validate Kerberos principal name before kinit and pass it with -- separator to prevent option injection - CVE-2024-11029: scrub administrative passwords from process command line and...
UBUNTU-CVE-2026-32596
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...
CVE-2026-32596
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...
PT-2026-25844
Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.2 Description Glances, a system cross-platform monitoring tool, has an issue where the web server runs without authentication by default when started with glances -w. This exposes a REST API containing sensitive...
CVE-2024-37845
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution RCE vulnerability via the Active Process Command feature...
CVE-2024-37845
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution RCE vulnerability via the Active Process Command feature...
CVE-2024-37845
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution RCE vulnerability via the Active Process Command feature...
PT-2024-27779 · Mangoos · Mangoos
Name of the Vulnerable Software and Affected Versions: MangoOS versions prior to 5.2.0 Description: The issue is an authenticated remote code execution RCE vulnerability via the Active Process Command feature. Recommendations: For versions prior to 5.2.0, update to version 5.2.0 or later to resol...
CVE-2024-37845
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution RCE vulnerability via the Active Process Command feature...
MangoOS 安全漏洞
MangoOS is an open source JavaScript object-oriented programming library from Automattic. A security vulnerability exists in MangoOS versions prior to 5.2.0, which stems from authenticated Remote Code Execution RCE via the Active Process Command feature...
CVE-2024-37845
MangoOS is affected by CVE-2024-37845: versions prior to 5.2.0 expose an authenticated remote code execution (RCE) vulnerability through the Active Process Command feature. The issue is confirmed by multiple sources in the connected set (including PT-2024-27779 and Red Hat/NVD records). Impact de...
CVE-2024-43402
Rust is a programming language. The fix for CVE-2024-24576, where std::process::Command incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods...
PT-2024-5911 · Rust +1 · Rust +1
Name of the Vulnerable Software and Affected Versions: Rust affected versions not specified Description: The issue is related to the std::process::Command component of the Rust programming language on Windows operating systems. It involves the injection or modification of arguments, potentially...
SUSE CVE-2018-17957
The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool RMT before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database...
CVE-2022-0852
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...
Design/Logic Flaw
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...
CVE-2022-0851
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...
CVE-2022-0851
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...
CVE-2021-40425
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL...
Webroot Secure Anywhere 缓冲区错误漏洞
Webroot Secure Anywhere is a comprehensive antivirus program from Webroot USA. Webroot Secure Anywhere 21.4 suffers from a buffer error vulnerability that stems from an out-of-bounds read vulnerability in IOCTL GetProcessCommand and B03. A specially crafted executable could result in a denial of...