
72 matches found

OSV
added 2025/06/16 11:15 a.m., 2 views

CVE-2025-4748

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2,...

CVSS 4.8, AI score 7, EPSS 0.00375
Exploits 0, References 7
Vulnrichment
added 2025/06/16 11:00 a.m., 6 views

CVE-2025-4748: Absolute path traversal in zip:unzip/1,2

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2,...

CVSS 4.8, AI score 7.1, EPSS 0.00375
Exploits 0, References 8
OSV
added 2025/06/16 11:00 a.m., 1 view

EEF-CVE-2025-4748: Absolute path traversal in zip:unzip/1,2

Summary: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1,...

CVSS 4.8, AI score 6.6, EPSS 0.00375
Exploits 0, References 7
FreeBSD
added 2025/06/16 12:00 a.m., 5 views

Erlang - Absolute Path in Zip Module

https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc reports: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program...

CVSS 4.8, AI score 6.9, EPSS 0.00375
Exploits 0, References 1
Microsoft CVE
added 2025/02/11 12:00 a.m., 1 view

The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.

...

CVSS 6.5, AI score 6.7, EPSS 0.00431
Exploits 0
Snyk
added 2025/02/10 4:41 p.m., 2 views

Denial of Service (DoS)

Overview: org.jruby:jruby-stdlib is a JRuby Lib Setup package. Affected versions of this package are vulnerable to Denial of Service (DoS) through the response parser, which uses Range#to_a to convert the uid-set data into arrays of integers without limitations on the expanded size of the ranges...

CVSS 7.1, AI score 6.8, EPSS 0.00139
Exploits 0, References 2
Positive Technologies
added 2025/01/01 12:00 a.m., 1 view

PT-2025-25546

Name of the Vulnerable Software and Affected Versions: Erlang OTP versions 17.0 through 28.0.1; Erlang OTP version 27.3.4.1; Erlang OTP version 26.2.5.13; stdlib versions 2.0 through 7.0.1; stdlib version 6.2.2.1; stdlib version 5.2.3.4. Description: The issue is related to a Path Traversal vulnerability...

CVSS 7.1, AI score 6.6, EPSS 0.00406
Exploits 0, References 54
Fedora
added 2024/10/12 1:52 a.m., 7 views

[SECURITY] Fedora 39 Update: rust-brotli-7.0.0-2.fc39

A brotli compressor and decompressor with an interface that avoids the Rust stdlib. This makes it suitable for embedded devices and kernels. It is designed with a pluggable allocator so that the standard lib's allocator may be employed. The default build also includes a stdlib allocator and...

AI score 7.5
Exploits 0
OSSF Malicious Packages
added 2024/09/18 8:41 p.m., 2 views

Malicious code in bsc-stdlib-polyfill (npm)

--- -= Per source details. Do not edit below this line. =-
Source: ossf-package-analysis df99335a79394c76ec65c4c11bd937510961ba93b67e631d560753ab61a735b6
The OpenSSF Package Analysis project identified 'bsc-stdlib-polyfill' @ 0.0.1 (npm) as malicious. It is considered malicious because:
- The packag...

AI score 6.9
Exploits 0
OSV
added 2024/09/18 8:41 p.m., 3 views

MAL-2024-8900: Malicious code in bsc-stdlib-polyfill (npm)

--- -= Per source details. Do not edit below this line. =-
Source: ossf-package-analysis df99335a79394c76ec65c4c11bd937510961ba93b67e631d560753ab61a735b6
The OpenSSF Package Analysis project identified 'bsc-stdlib-polyfill' @ 0.0.1 (npm) as malicious. It is considered malicious because:
- The packag...

AI score 7.1
Exploits 0
Veracode
added 2024/07/19 7:19 a.m., 9 views

Information Leakage

Sentry-sdk is vulnerable to Information Leakage. The vulnerability is due to subprocess calls leaking environment variables when the Stdlib integration is enabled, which could allow an attacker to gain access to sensitive environment variables by exploiting the unintended passing of these variabl...

CVSS 5.3, AI score 7.1, EPSS 0.00028
Exploits 0, References 7, Affected software 1
SUSE CVE
added 2024/07/19 2:38 a.m., 1 view

SUSE CVE-2024-40647

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK <2.8.0 allows the environment variables to be passed to subprocesses despite the env={} setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

CVSS 5.3, AI score 6.8, EPSS 0.00028
Exploits 0, References 4
OSV
added 2024/07/18 5:18 p.m., 2 views

GHSA-G92J-QHMH-64V2: Sentry's Python SDK unintentionally exposes environment variables to subprocesses

Impact: The bug in Sentry's Python SDK [...] subprocess.check_output(["env"], env={"TEST":"1"}) returns b'TEST=1\n'. If you'd want to not pass any variables, you can set an empty dict: subprocess.check_output(["env"], env={}) returns b''. However, the bug in Sentry SDK <2.8.0 causes all environment variables to be passed to the...

CVSS 2.5, AI score 5.7, EPSS 0.00028
Exploits 0, References 11
Github Security Blog
added 2024/07/18 5:18 p.m., 16 views

Sentry's Python SDK unintentionally exposes environment variables to subprocesses

Impact: The bug in Sentry's Python SDK [...] subprocess.check_output(["env"], env={"TEST":"1"}) returns b'TEST=1\n'. If you'd want to not pass any variables, you can set an empty dict: subprocess.check_output(["env"], env={}) returns b''. However, the bug in Sentry SDK <2.8.0 causes all environment variables to be passed to the...

CVSS 5.3, AI score 5, EPSS 0.00028
Exploits 0, References 11, Affected software 1
OSV
added 2024/07/18 4:51 p.m., 11 views

CVE-2024-40647: Unintentional exposure of environment variables to subprocesses in sentry-sdk

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK <2.8.0 allows the environment variables to be passed to subprocesses despite the env={} setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

CVSS 5.3, AI score 6.4, EPSS 0.00028
Exploits 0, References 9
Debian CVE
added 2024/07/18 4:51 p.m., 19 views

CVE-2024-40647

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK <2.8.0 allows the environment variables to be passed to subprocesses despite the env={} setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

CVSS 5.3, AI score 5.2, EPSS 0.00028
Exploits 0
Vulnrichment
added 2024/07/18 4:51 p.m., 15 views

CVE-2024-40647: Unintentional exposure of environment variables to subprocesses in sentry-sdk

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK <2.8.0 allows the environment variables to be passed to subprocesses despite the env={} setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

CVSS 5.3, AI score 6.6, EPSS 0.00028
Exploits 0, References 7
OSV
added 2024/06/19 2:15 p.m., 1 view

DEBIAN-CVE-2024-38585

In the Linux kernel, the following vulnerability has been resolved: tools/nolibc/stdlib: fix memory error in realloc(). Pass user_p_len to memcpy() instead of heap->len to prevent realloc() from copying an extra sizeof(*heap) bytes from beyond the allocated region...

CVSS 7.1, AI score 5.6, EPSS 0.00064
Exploits 0, References 1
Debian CVE
added 2024/06/19 1:37 p.m., 16 views

CVE-2024-38585

In the Linux kernel, the following vulnerability has been resolved: tools/nolibc/stdlib: fix memory error in realloc(). Pass user_p_len to memcpy() instead of heap->len to prevent realloc() from copying an extra sizeof(*heap) bytes from beyond the allocated region...

CVSS 7.1, AI score 6.1, EPSS 0.00064
Exploits 0
UbuntuCve
added 2024/05/18 7:15 p.m., 11 views

CVE-2024-34083

aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...

CVSS 5.4, AI score 6.1, EPSS 0.00075
Exploits 0, References 4