Lucene search
K

167 matches found

Positive Technologies
Positive Technologies
added 2024/09/17 12:0 a.m.3 views

PT-2024-31779 · Arduino · Arduino-Esp32

Name of the Vulnerable Software and Affected Versions: arduino-esp32 affected versions not specified Description: The issue concerns multiple Poisoned Pipeline Execution PPE vulnerabilities in the arduino-esp32 CI, including code injection in the tests results.yml workflow and environment variabl...

9.9CVSS8AI score0.00769EPSS
Exploits0References11
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.221 views

Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache modcgi Bash Environment Variable Injection Shellshock Scanner', 'Description' = %q This module scans for the Shellshock vulnerability, a...

10CVSS7.4AI score0.99999EPSS
Exploits147
NVD
NVD
added 2024/08/12 1:38 p.m.14 views

CVE-2024-42370

Litestar is an Asynchronous Server Gateway Interface ASGI framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...

8.3CVSS0.00614EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/08/12 12:0 a.m.4 views

Litestar 安全漏洞

Litestar is a powerful, flexible but stubborn ASGI framework open-sourced by Litestar. A security vulnerability exists in Litestar version 2.10.0 and prior versions that stems from vulnerability to environment variable injection attacks, leading to confidentiality disclosure and repository...

8.3CVSS6.6AI score0.00614EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/08/09 7:22 p.m.14 views

Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow

Withdrawn Advisory This advisory has been withdrawn because the confidentiality, integrity, and availability impacts of the vulnerability affect Litestar's CI/CD environment rather than the litestar package. While the information in the advisory is still valid, users of the litestar package are n...

8.3CVSS8.5AI score0.00614EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/08/09 7:22 p.m.10 views

GHSA-4HQ2-RPGC-R8R7 Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow

Withdrawn Advisory This advisory has been withdrawn because the confidentiality, integrity, and availability impacts of the vulnerability affect Litestar's CI/CD environment rather than the litestar package. While the information in the advisory is still valid, users of the litestar package are n...

8.3CVSS8.5AI score0.00614EPSS
Exploits0References6
CVE
CVE
added 2024/08/09 6:29 p.m.40 views

CVE-2024-42370

Litestar (versions 2.10.0 and earlier) is affected by an environment variable injection flaw in the docs-preview.yml workflow. A crafted artifact can be introduced via the workflow’s artifact handling, potentially exposing DOCS_PREVIEW_DEPLOY_TOKEN and granting the attacker permissions to write i...

8.3CVSS8.4AI score0.00614EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/08/09 6:29 p.m.14 views

CVE-2024-42370 Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow

Litestar is an Asynchronous Server Gateway Interface ASGI framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...

8.3CVSS0.00614EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/08/09 6:29 p.m.14 views

CVE-2024-42370 Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow

Litestar is an Asynchronous Server Gateway Interface ASGI framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...

8.3CVSS8.3AI score0.00614EPSS
Exploits0References4
OSV
OSV
added 2024/08/09 6:29 p.m.12 views

CVE-2024-42370 Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow

Litestar is an Asynchronous Server Gateway Interface ASGI framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...

8.3CVSS7AI score0.00614EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/03/08 12:0 a.m.67 views

Nginx SSI Variable Injection

The scanner has detected in the installed Nginx instance that a user input is being treated as an nginx variable. This could potentially leak useful information about the server installation to a remote, unauthenticated attacker. No source data...

7AI score
Exploits0References2
Cvelist
Cvelist
added 2020/10/01 5:25 p.m.33 views

CVE-2020-15228 Environment Variable Injection in GitHub Actions

In the @actions/core npm module before version 1.2.6,addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment...

3.5CVSS5.6AI score0.01501EPSS
Exploits2References2
OSV
OSV
added 2020/10/01 5:16 p.m.15 views

GHSA-MFWH-5M23-J46W Environment Variable Injection in GitHub Actions

Impact The @actions/core npm module addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment variables being modifie...

3.5CVSS5.4AI score0.01501EPSS
Exploits2References4
Exploit DB
Exploit DB
added 2020/07/08 12:0 a.m.215 views

Qmail SMTP 1.03 - Bash Environment Variable Injection

Exploit Title: Qmail SMTP 1.03 - Bash Environment Variable Injection Date: 2020-07-03 Exploit Author: 1F98D Original Authors: Mario Ledo, Mario Ledo, Gabriel Follon Version: Qmail 1.03 Tested on: Debian 9.11 x64 CVE: CVE-2014-6271 References: http://seclists.org/oss-sec/2014/q3/649...

10CVSS7AI score0.99999EPSS
Exploits130
CVE
CVE
added 2019/06/28 10:28 a.m.64 views

CVE-2019-12997

CVE-2019-12997 affects Loopchain up to version 2.2.1.3. The issue is a privilege-escalation via environment manipulation, specifically injection in the DEFAULT_SCORE_HOST environment variable, enabling a low-privilege shell user to escalate privileges. The vulnerability is described with high-sev...

9CVSS8.9AI score0.02077EPSS
Exploits1References1Affected Software1
Typo3
Typo3
added 2018/08/09 12:0 a.m.104 views

Environment Variable Injection in extension "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3)

The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read or for further details...

5.1CVSS3.5AI score0.50427EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/04/26 12:0 a.m.42 views

SUSE SLED12 / SLES12 Security Update : zsh (SUSE-SU-2018:1072-1)

This update for zsh fixes the following issues : - CVE-2014-10070: environment variable injection could lead to local privilege escalation bnc1082885 - CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. bnc1082977 - CVE-2014-10072: buffer overflow In utils.c when scanning...

9.8CVSS7.1AI score0.03223EPSS
Exploits0References29
Veracode
Veracode
added 2018/01/05 8:28 a.m.16 views

Cross-site Scripting (XSS)

Apache Deltaspike is vulnerable to cross-site scripting XSS. The application does not properly escape the windowId variable, allowing a malicious user to inject and execute arbitrary Javascript. The impact is limited because the size of the variable is cut off after 10 characters...

6.1CVSS6.2AI score0.04471EPSS
Exploits1References7Affected Software2
UbuntuCve
UbuntuCve
added 2017/07/10 2:29 p.m.81 views

CVE-2017-11142

In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/phpvariables.c...

7.8CVSS6.8AI score0.08255EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2016/07/27 12:0 a.m.39 views

TYPO3 Environment Variable Injection Vulnerability (Jul 2016)

TYPO3 is prone to an environment variable injection vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3";...

8.1CVSS8.4AI score0.50427EPSS
Exploits0References2
Rows per page
Query Builder