20 matches found
EUVD-2026-32930
CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from inconsistent inheritance of LOGSUBDOMAINSOFF in landlock. This vulnerability may cause subprocesses to...
CVE-2026-45370
python-utcp is the python implementation of UTCP. Prior to 1.1.3, prepareenvironment in clicommunicationprotocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single tool call. This...
agent-skill-poc
Agent Skill POC - LLM-driven Interactive CLI Agent An LLM-dri...
Linux Distros Unpatched Vulnerability : CVE-2024-40647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite th...
OS Command Injection
github.com/charmbracelet/soft-serve is vulnerable to OS Command Injection. The vulnerability is due to improper environment variable handling due to Soft Serve passing all environment variables given by the client to git subprocesses. Attackers can use this to execute arbitrary code via environme...
SUSE CVE-2024-40647
sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...
GHSA-G92J-QHMH-64V2 Sentry's Python SDK unintentionally exposes environment variables to subprocesses
Impact The bug in Sentry's Python SDK subprocess.checkoutput"env", env="TEST":"1" b'TEST=1\n' If you'd want to not pass any variables, you can set an empty dict: subprocess.checkoutput"env", env= b'' However, the bug in Sentry SDK 2.8.0 causes all environment variables to be passed to the...
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
Impact The bug in Sentry's Python SDK subprocess.checkoutput"env", env="TEST":"1" b'TEST=1\n' If you'd want to not pass any variables, you can set an empty dict: subprocess.checkoutput"env", env= b'' However, the bug in Sentry SDK 2.8.0 causes all environment variables to be passed to the...
DEBIAN-CVE-2024-40647
sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...
CVE-2024-40647
sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...
UBUNTU-CVE-2024-40647
sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...
CVE-2024-40647
CVE-2024-40647 affects the Python SDK for Sentry (sentry-sdk) prior to 2.8.0. With the Stdlib integration enabled by default, a bug causes environment variables to be passed to subprocesses in Python’s subprocess calls, even when env={} is specified. The issue is fixed in sentry-sdk 2.8.0 (and pa...
CVE-2024-40647 Unintentional exposure of environment variables to subprocesses in sentry-sdk
sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...
Lazygit - Simple Terminal UI For Git Commands
A simple terminal UI for git commands, written in Go with the gocui library. Are YOU tired of typing every git command directly into the terminal, but you're too stubborn to use Sourcetree because you'll never forgive Atlassian for making Jira? This is the app for you! Installation Homebrew brew...
Debian DSA-3517-1 : exim4 - security update
A local root privilege escalation vulnerability was found in Exim, Debian's default mail transfer agent, in configurations using the'perlstartup' option Only Exim via exim4-daemon-heavy enables Perl support. To address the vulnerability, updated Exim versions clean the complete execution...
perl: improper input validation
Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears twice in envp, only the last value would appear in %ENV, but getenv would return the first. Perl's taint...
Updated perl packages fix CVE-2016-2381
Updated perl packages fix security vulnerability: Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears twice in envp, only the last value would appear in %ENV,...
Moderate: Red Hat Security Advisory: python security, bug fix, and enhancement update
Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which gi...
Simple Ruby Exec with Open and Pipe
I was researching something else and thought this was a cool way to execute a command through the open method in ruby: 1 | open"|CMD" ---|--- The key is starting the open with pipe. For example, 1 | open"|ls" ---|--- Or to exec and print the result in one line: 1 | open"|ls".each |out| puts out...