GHSA-22QR-RP27-J9WM PenPot MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint — RCE

Summary The MCP module's ReplServer binds to all interfaces 0.0.0.0:4403 and exposes a /execute endpoint that runs arbitrary code with zero authentication. Anyone on the network can POST JavaScript and it runs on the server. The main PenpotMcpServer was partially fixed for a similar binding issue...

PT-2026-42034

Summary The MCP module's ReplServer binds to all interfaces 0.0.0.0:4403 and exposes a /execute endpoint that runs arbitrary code with zero authentication. Anyone on the network can POST JavaScript and it runs on the server. The main PenpotMcpServer was partially fixed for a similar binding issue...

EUVD-2016-9453

Malware in sbrugna...

K31130692: GNU Guile vulnerabilities CVE-2016-8605 and CVE-2016-8606

Security Advisory Description CVE-2016-8605 The mkdir procedure of GNU Guile temporarily changed the process umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode...

SUSE CVE-2016-8606

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

Code injection

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

CVE-2016-8606

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

ALPINE-CVE-2016-8606

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

UBUNTU-CVE-2016-8606

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

openSUSE Security Update : guile (openSUSE-2016-1235)

This update for guile fixes the following issues : - CVE-2016-8606: REPL server vulnerable to HTTP inter-protocol attacks bsc1004226. - CVE-2016-8605: Thread-unsafe umask modification bsc1004221. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

MGASA-2016-0354 Updated guile packages fix security vulnerability

The ‘mkdir’ procedure of GNU Guile, an implementation of the Scheme programming language, temporarily changed the process’ umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions CVE-2016-8605. GNU Guile, an...

DLA-666-1 guile-2.0 - security update

Bulletin has no description...

CVE-2016-8606

A vulnerability was found in guile's REPL server --listen, making it vulnerable to HTTP inter-protocol attacks. A crafted website, when visited by a developer with an instance of the REPL server, could cause arbitrary code execution within the guile scheme interpreter...

guile2 -- multiple vulnerabilities

Ludovic Courtès reports: The REPL server is vulnerable to the HTTP inter-protocol attack The ‘mkdir’ procedure of GNU Guile, an implementation of the Scheme programming language, temporarily changed the process’ umask to zero. During that time window, in a multithreaded application, other threads...