PT-2024-8544

Name of the Vulnerable Software and Affected Versions needrestart versions prior to 3.8 Module::ScanDeps versions prior to 3.8 Description The needrestart utility, versions prior to 3.8, contains a flaw due to improper handling of the PYTHONPATH environment variable. This allows local attackers t...

PT-2024-8540 · Unknown +3 · Needrestart +3

Name of the Vulnerable Software and Affected Versions: needrestart versions prior to 3.8 Description: The issue is related to an uncontrolled search path element in the needrestart utility. Exploitation of this issue may allow an attacker to execute arbitrary code in the context of the root user ...

CVE-2024-10934

In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server...

CVE-2024-10934

CVE-2024-10934 affects OpenBSD NFS components (client and server) on OpenBSD 7.4 before errata 021 and 7.5 before errata 008, due to a mbuf double-free and use of an uninitialized variable in NFS server error handling. The vulnerability is tied to the same CVE entry across multiple feeds; patches...

High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979 ,...

SUSE CVE-2024-10979

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...

PT-2024-8247

Name of the Vulnerable Software and Affected Versions: OpenBSD versions 7.4 through 7.5 before errata 008 and 021 Description: The issue is related to a possible mbuf double free in the NFS client and server implementation, as well as the use of an uninitialized variable in error handling of the...

The vulnerability of the PL/Perl environment in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability in the PL/Perl environment of the PostgreSQL database management system is related to errors in system configuration or settings. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by modifying system environment variables, such as PATH...

USN-7049-2: PHP vulnerabilities

USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject...

USN-7109-1: Go vulnerabilities

Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. CVE-2022-41723 Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this...

FreeBSD : PostgreSQL -- PL/Perl environment variable changes execute arbitrary code (a03636f4-a29f-11ef-af48-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a03636f4-a29f-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: Incorrect control of environment variables in PostgreSQL PL/Perl allows an...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Go vulnerabilities (USN-7109-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7109-1 advisory. Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this...

The vulnerability of the ASMkern229A.dll library in the AutoCAD simulation, design, and drafting software allows a perpetrator to execute arbitrary code.

The vulnerability of the ASMkern229A.dll library in AutoCAD’s modeling, design, and drawing software relates to the use of an uninitialized variable. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created MODEL file...

PT-2024-8138

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.1 PostgreSQL versions prior to 16.5 PostgreSQL versions prior to 15.9 PostgreSQL versions prior to 14.14 PostgreSQL versions prior to 13.17 PostgreSQL versions prior to 12.21 Description: The issue is related t...

PT-2025-11194 · Autodesk · Autodesk Autocad

Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD affected versions not specified Description: A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable issue. This can be leveraged by a malicious actor to cause a crash,...

CVE-2024-52010

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...

CVE-2024-52010 Zoraxy has an authenticated command injection in the Web SSH feature

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...

CVE-2024-45289 Unbounded allocation in ctl(4) CAM Target Layer

The fetch3 library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch1 to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a...

kernel: bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS

A vulnerability has been identified in the Linux kernel's Berkeley Packet Filter BPF subsystem. The flaw resides within the handling of PTRTOFLOWKEYS pointer to flow keys in the checkflowkeysaccess function. Specifically, while fixed offsets are validated for PTRTOFLOWKEYS, the system currently...

Decidim-Awesome has SQL injection in AdminAccountability

Vulnerability type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Vendor: Decidim International Community Environment Has vendor confirmed: Yes Attack type: Remote Impact: Code Execution Escalation of Privileges Information Disclosure Affected component:...