Lucene search
K

67 matches found

OSV
OSV
added 2024/09/15 12:6 a.m.5 views

OSV-2024-1071 Use-of-uninitialized-value in Poco::Dynamic::Var::~Var

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42538385 Crash type: Use-of-uninitialized-value Crash state: Poco::Dynamic::Var::Var void Poco::JSON::Object::doStringifystd::1::mapstd::1::basicstringchar, Poco::JWT::Serializer::serialize...

7.2AI score
Exploits0References1
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.4 views

AnythingLLM Operating System Command Injection Vulnerability

AnythingLLM is a document chatbot that meets business requirements. AnythingLLM suffers from an operating system command injection vulnerability that stems from improper handling of environment variables, leading to remote code execution...

9.8CVSS8.6AI score0.0097EPSS
Exploits1References3
OSV
OSV
added 2024/05/14 4:15 p.m.4 views

CVE-2024-0762

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ fo...

7.8CVSS6.2AI score0.00758EPSS
Exploits2References4
NVD
NVD
added 2024/05/14 4:15 p.m.44 views

CVE-2024-0762

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ fo...

7.8CVSS7.8AI score0.00758EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2024/05/14 12:0 a.m.6 views

PT-2024-18159 · Phoenix · Phoenix Securecore

Name of the Vulnerable Software and Affected Versions: Phoenix SecureCore for Intel Gemini Lake versions 4.1.0.1 through 4.1.0.566 Description: The issue is related to a potential buffer overflow in unsafe UEFI variable handling. Recommendations: For Phoenix SecureCore for Intel Gemini Lake...

7.5CVSS6.9AI score0.0024EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:21 a.m.3 views

SUSE CVE-2015-1877

The opengenericxdgmime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file...

8.8CVSS7.4AI score0.03214EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/09/23 6:59 p.m.5 views

CVE-2022-32786

An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system...

6.2AI score0.02629EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/05/31 2:53 p.m.38 views

CVE-2022-31739

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%...

8.8CVSS2.1AI score0.00662EPSS
Exploits0References3
Snyk
Snyk
added 2022/04/21 8:6 a.m.3 views

SQL Injection

Overview blazer is an allows you to explore your data with SQL. Easily create charts and dashboards, and share them with your team. Affected versions of this package are vulnerable to SQL Injection by allowing specific variable values to modify the query rather than just the variable. This can...

7.5CVSS7.9AI score0.00857EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/11/03 12:0 a.m.4 views

PT-2021-5667 · Gerbv +3 · Gerbv +3

Name of the Vulnerable Software and Affected Versions: Gerbv versions 2.7.0 and dev commit b5f1eacd Gerbv forked version commit 71493260 Description: An out-of-bounds write issue exists in the RS-274X aperture macro variables handling functionality. This can be triggered by a specially-crafted...

10CVSS7.8AI score0.03064EPSS
Exploits8References56
OSV
OSV
added 2020/09/21 6:21 p.m.7 views

OPENSUSE-SU-2020:1497-1 Security update for singularity

This update for singularity fixes the following issues: New version 3.6.3, addresses the following security issues: - CVE-2020-25039, boo1176705 When a Singularity action command run, shell, exec is run with the fakeroot or user namespace option, Singularity will extract a container image to a...

8.8CVSS8.7AI score0.0204EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2020/08/20 12:0 a.m.4 views

The vulnerability of Visual Studio Code’s source editor lies in its error handling after a project is opened, allowing an attacker to execute arbitrary code.

The vulnerability of Visual Studio Code’s source editor is related to a error in variable handling after a project is opened. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...

9CVSS7.6AI score0.03639EPSS
Exploits0References3
Veracode
Veracode
added 2020/04/01 12:37 a.m.24 views

Access Restriction Bypass

The Common UNIX Printing System CUPS is vulnerable to local privilege escalation to root due to insecure environment variable handling...

7.8CVSS3.8AI score0.00454EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2019/09/24 5:15 a.m.15 views

Design/Logic Flaw

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...

7.2CVSS7.5AI score0.00356EPSS
Exploits0References7Affected Software3
UbuntuCve
UbuntuCve
added 2019/09/24 5:15 a.m.21 views

CVE-2019-16729

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...

7.8CVSS7.1AI score0.00356EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2019/03/06 12:0 a.m.5 views

The vulnerability of Visual Studio Code’s source editor, related to a bug in file handling after opening a project, allows attackers to modify file access rights and execute arbitrary code.

The vulnerability of Visual Studio Code’s source editor is related to a error in variable handling after a project is opened. Exploiting this vulnerability could allow an attacker to modify file access rights and execute arbitrary code...

9.3CVSS7.5AI score0.27705EPSS
Exploits0References3Affected Software1
0day.today
0day.today
added 2018/09/22 12:0 a.m.447 views

Staubli Jacquard Industrial System JC6 Shellshock Vulnerability

Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability. Exploit Title: Staubli Jacquard Industrial System | GNU Bash Environment Variable Handling Code Injection Shellshock Exploit Author: t4rkd3vilz Vendor Homepage:...

10CVSS0.1AI score0.99999EPSS
Exploits131
Prion
Prion
added 2017/11/01 5:29 p.m.18 views

Privilege escalation

Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution...

7.2CVSS7.9AI score0.00578EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/04/24 6:12 a.m.24 views

CVE-2014-9680

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...

3.9AI score0.0047EPSS
Exploits1References5
OSV
OSV
added 2016/11/24 1:30 p.m.9 views

SUSE-SU-2016:2904-1 Security update for sudo

This update for sudo fixes the following security issues: - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: noexec bypass via system and popen CVE-2016-7032, bsc1007766 noexec bypass via wordexp CVE-2016-7076, bsc1007501 - Fix unsafe handling of TZ...

7.8CVSS5.8AI score0.00493EPSS
Exploits1References9
Rows per page
Query Builder