37 matches found

Snyk
added 2024/07/09 9:39 a.m. · 3 views

Improper Control of Generation of Code ('Code Injection')

Overview: Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection'). This is due to a bypass of CVE-2024-27980. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled. Note...

8.1 CVSS · 8.1 AI score · 0.01098 EPSS
Exploits 0 · References 2
SUSE CVE
added 2024/04/12 2:11 a.m. · 3 views

SUSE CVE-2024-27980

Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled...

8.1 CVSS · 8.9 AI score · 0.01387 EPSS
Exploits 0 · References 8
GitHub Security Blog
added 2023/12/01 10:46 p.m. · 18 views

Environment variables still accessible through /proc

Impact: Environment variables can be read from procfs unless a new process is started. PoC: use birdcage::{Birdcage, Sandbox}; use std::{env, fs}; fn main() { Birdcage::new().lock().unwrap(); assert_eq!(env::var_os("SECRET"), None); let environ = fs::read_to_string("/proc/self/environ").unwrap();...

6.9 AI score
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2022/02/11 12:00 a.m. · 5 views

PT-2022-10398 · Qualcomm · Snapdragon Connectivity +4

Name of the Vulnerable Software and Affected Versions: Snapdragon Auto affected versions not specified Snapdragon Compute affected versions not specified Snapdragon Connectivity affected versions not specified Snapdragon Industrial IOT affected versions not specified Snapdragon Mobile affected...

8.4 CVSS · 7.6 AI score · 0.00193 EPSS
Exploits 0 · References 4
PyPA
added 2020/07/29 1:15 p.m. · 5 views

PYSEC-2020-44

This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn't being sanitized...

9.8 CVSS · 7 AI score · 0.01694 EPSS
Exploits 0 · References 3 · Affected Software 1
Prion
added 2019/06/04 9:29 p.m. · 17 views

Design/Logic Flaw

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...

5.5 CVSS · 7.7 AI score · 0.0187 EPSS
Exploits 1 · References 5 · Affected Software 1
UbuntuCve
added 2017/01/10 3:59 p.m. · 21 views

CVE-2016-6831

The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 it wil...

7.5 CVSS · 7.1 AI score · 0.0175 EPSS
Exploits 0 · References 2
NVD
added 2017/01/10 3:59 p.m. · 19 views

CVE-2016-6830

The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases o...

9.8 CVSS · 9.6 AI score · 0.02148 EPSS
Exploits 0 · References 2
Prion
added 2017/01/10 3:59 p.m. · 13 views

Buffer overflow

The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases o...

7.5 CVSS · 7.1 AI score · 0.02148 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2017/01/10 3:59 p.m. · 4 views

UBUNTU-CVE-2016-6830

The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases o...

9.8 CVSS · 7.4 AI score · 0.02148 EPSS
Exploits 0 · References 4
OSV
added 2017/01/10 3:59 p.m. · 1 view

DEBIAN-CVE-2016-6831

The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 it wil...

7.5 CVSS · 6.8 AI score · 0.0175 EPSS
Exploits 0 · References 1
OSV
added 2017/01/10 3:59 p.m. · 3 views

DEBIAN-CVE-2016-6830

The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases o...

9.8 CVSS · 9.3 AI score · 0.02148 EPSS
Exploits 0 · References 1
OSV
added 2017/01/10 3:59 p.m. · 3 views

UBUNTU-CVE-2016-6831

The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 it wil...

7.5 CVSS · 7.1 AI score · 0.0175 EPSS
Exploits 0 · References 3
Cvelist
added 2017/01/10 3:00 p.m. · 23 views

CVE-2016-6831

The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 it wil...

8.3 AI score · 0.0175 EPSS
Exploits 0 · References 2
Cvelist
added 2017/01/10 3:00 p.m. · 26 views

CVE-2016-6830

The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases o...

9.5 AI score · 0.02148 EPSS
Exploits 0 · References 2
AlpineLinux
added 2017/01/10 3:00 p.m. · 57 views

CVE-2016-6830

The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases o...

9.8 CVSS · 9.6 AI score · 0.02148 EPSS
Exploits 0
Positive Technologies
added 2017/01/10 12:00 a.m. · 5 views

PT-2017-9029 · Chicken +1 · Chicken Scheme +1

Name of the Vulnerable Software and Affected Versions: CHICKEN Scheme versions prior to 4.12 Description: The issue arises from the "process-execute" and "process-spawn" procedures in CHICKEN Scheme, which utilize fixed-size buffers to hold arguments and environment variables for the execve call...

9.8 CVSS · 7.8 AI score · 0.04523 EPSS
Exploits 0 · References 26