770 matches found

Hacker One
added 2024/09/16 4:45 p.m., 11 views

Internet Bug Bounty: `std::process::Command` batch files argument escaping could be bypassed with trailing whitespace or periods

The Rust Security Response WG disclosed a vulnerability in the std::process::Command module on Windows, where it incorrectly escaped arguments when invoking batch files. This allowed for bypassing the fix by including trailing whitespace or periods in the batch file name, which are ignored and...

CVSS 10, AI score 6.7, EPSS 0.20342
Exploits 10

Cvelist
added 2024/09/04 3:29 p.m., 22 views

CVE-2024-43402 Rust OS Command Injection/Argument Injection vulnerability

Rust is a programming language. The fix for CVE-2024-24576, where std::process::Command incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods...

CVSS 8.1, EPSS 0.20342
Exploits 10, References 3

Debian CVE
added 2024/09/04 3:29 p.m., 18 views

CVE-2024-43402

Rust is a programming language. The fix for CVE-2024-24576, where std::process::Command incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods...

CVSS 8.8, AI score 5.5, EPSS 0.00744
Exploits 10

AlpineLinux
added 2024/09/04 3:29 p.m., 26 views

CVE-2024-43402

Rust is a programming language. The fix for CVE-2024-24576, where std::process::Command incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods...

CVSS 10, AI score 7.5, EPSS 0.20342
Exploits 10, References 3

CNNVD
added 2024/09/04 12:0 a.m., 4 views

Rust security vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Rust prior to 1.81.0 that stems from a fix that can be bypassed when a batch file name has trailing spaces or periods...

CVSS 10, AI score 7.9, EPSS 0.20342
Exploits 10, References 5

OSV
added 2024/07/10 8:15 a.m., 8 views

DEBIAN-CVE-2024-39488

In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY. When CONFIG_DEBUG_BUGVERBOSE=n, we fail to add necessary padding bytes to __bug_table entries, and as a result the last entry in a bug table will be ignored, potentially leading to a...

CVSS 5.5, AI score 6.1, EPSS 0.00237
Exploits 0, References 1

Cvelist
added 2024/07/10 7:14 a.m., 36 views

CVE-2024-39488 arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY

In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY. When CONFIG_DEBUG_BUGVERBOSE=n, we fail to add necessary padding bytes to __bug_table entries, and as a result the last entry in a bug table will be ignored, potentially leading to a...

EPSS 0.00237
Exploits 0, References 8

OSV
added 2024/07/05 11:8 a.m., 10 views

OESA-2024-1792 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some...

CVSS 9.8, AI score 6.8, EPSS 0.01483
Exploits 1, References 20

SUSE CVE
added 2024/07/04 4:24 a.m., 3 views

SUSE CVE-2019-25211

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

CVSS 9.1, AI score 6.9, EPSS 0.00428
Exploits 0, References 3

CNNVD
added 2024/06/29 12:0 a.m., 4 views

Gin-Gonic CORS middleware security vulnerability

Gin-Gonic CORS middleware is a Gin middleware program from Gin-Gonic open source. A security vulnerability exists in Gin-Gonic CORS middleware versions prior to 1.6.0 due to improper handling of wildcards at the end of source strings...

CVSS 9.1, AI score 6.7, EPSS 0.00428
Exploits 0, References 8

OSV
added 2024/06/09 7:15 p.m., 6 views

AZL-42439 CVE-2024-5585 affecting package php for versions less than 8.3.8-1

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open command with array syntax, due to insufficient escaping, if the arguments of the executed command ar...

CVSS 8.8, AI score 6.5, EPSS 0.28807
Exploits 1, References 1

Positive Technologies
added 2024/05/15 12:0 a.m., 4 views

PT-2024-40162 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal 8 core affected versions not specified Description: The issue concerns the file save upload function, which does not remove leading and trailing dots from filenames. This could allow users with file upload permissions, especially when...

CVSS 6.6, AI score 7
Exploits 0, References 4

OSV
added 2024/02/21 5:15 p.m., 4 views

CVE-2024-1714

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request...

CVSS 7.1, AI score 5.8, EPSS 0.00344
Exploits 0, References 1

Prion
added 2024/02/21 5:15 p.m., 16 views

Cross site request forgery (csrf)

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request...

CVSS 4.6, AI score 6.8, EPSS 0.00344
Exploits 0, References 1

Positive Technologies
added 2024/02/21 12:0 a.m., 5 views

PT-2024-18245 · Sailpoint · Identityiq Lifecycle Manager

Name of the Vulnerable Software and Affected Versions: IdentityIQ Lifecycle Manager affected versions not specified Description: An issue exists in IdentityIQ Lifecycle Manager where an entitlement with a value containing leading or trailing whitespace can be requested by an authenticated user in...

CVSS 7.1, AI score 6.7, EPSS 0.00344
Exploits 0, References 9

VulnCheck KEV
added 2024/02/08 12:0 a.m., 5 views

VulnCheck KEV: CVE-2019-15846

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash...

CVSS 10, AI score 7.8, EPSS 0.35736
Exploits 3, References 1

Tenable Nessus
added 2024/01/16 12:0 a.m., 29 views

EulerOS Virtualization 2.11.0 : ntp (EulerOS-SA-2023-2765)

According to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack...

CVSS 6.4, AI score 6.4, EPSS 0.00703
Exploits 0, References 6

Tenable Nessus
added 2024/01/16 12:0 a.m., 35 views

EulerOS 2.0 SP11 : ntp (EulerOS-SA-2023-2658)

According to the versions of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq...

CVSS 6.4, AI score 6.4, EPSS 0.00703
Exploits 0, References 6

Tenable Nessus
added 2024/01/16 12:0 a.m., 23 views

EulerOS Virtualization 2.9.0 : ntp (EulerOS-SA-2023-2990)

According to the versions of the ntp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack ...

CVSS 6.4, AI score 6.4, EPSS 0.00703
Exploits 0, References 6

OSV
added 2023/11/09 5:15 p.m., 1 view

UBUNTU-CVE-2023-45284

On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports the...

CVSS 5.3, AI score 6.9, EPSS 0.00903
Exploits 0, References 6