`grep-cli` may run arbitrary executables on Windows

On Windows in versions of grep-cli prior to 0.1.6, it's possible for some of the routines to execute arbitrary executables. In particular, a quirk of the Windows process execution API is that it will automatically consider the current directory before other directories when resolving relative...

GHSA-923P-FR2C-G5M2 Exposure of Sensitive Information to an Unauthorized Actor in Ansible

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from...

kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service

By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the /proc//cmdline or /proc//environ files to block indefinitely...

PYSEC-2020-11

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from...

DEBIAN-CVE-2020-1733

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...

ALPINE-CVE-2020-1733

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...

PYSEC-2020-5

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...

Petwant PF-103 and Petalk AI buffer overflow vulnerability (CNVD-2020-12729)

Petwant PF-103 is an automated pet feeder from Petwant Pet Products China.Petalk AI is an automated pet feeder with monitoring function. A buffer overflow vulnerability exists in the 'processCommandUploadLog' function of the libcommon.so file in the Petwant PF-103 and Petalk AI version 3.2.2.30...

Petwant PF-103 and Petalk AI Arbitrary Command Execution Vulnerabilities

Petwant PF-103 is an automated pet feeder from Petwant Pet Products China.Petalk AI is an automated pet feeder with monitoring function. An arbitrary command execution vulnerability exists in the 'processCommandUpgrade' function of the libcommon.so file in the Petwant PF-103 and Petalk AI version...

DEBIAN-CVE-2009-4498

The nodeprocesscommand function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request...

security flaw

Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline...