9593 matches found
Path disclosure in JavaScript variable
Impact: Path disclosure in JavaScript variable. Patches: Patch in PrestaShop 8.1.4. References: https://owasp.org/www-community/attacks/FullPathDisclosure Thanks to https://github.com/hugo-fasone...
PT-2024-2571 · Helm +2
Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.14.2. Description: The issue is related to an uninitialized variable vulnerability when Helm parses index and plugin YAML files missing expected content. This can cause a panic in Helm when either an index.yaml file or...
Use of Uninitialized Variable
Overview: fastecdsa is a Python package for doing fast elliptic curve cryptography, specifically digital signatures. Affected versions of this package are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted a...
CVE-2023-7245
The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 Windows/3.4.7 macOS was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRON_RUN_AS_NODE environment variable...
Code injection
On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges, with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...
CVE-2024-21892
On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges, with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36845 A PHP External Variable Modification vulnerab...
PT-2024-4011 · Less +9
Name of the Vulnerable Software and Affected Versions: less versions prior to 606. Description: The issue is related to the close_altfile function in filename.c, which omits shell_quote calls for LESSCLOSE. This can allow an attacker to execute arbitrary commands. Recommendations: For versions pri...
Exploit for PHP External Variable Modification in Juniper Junos
Note: !CAUTION ⚠️ Disclaimer: IMPORTANT: This script...
PT-2024-20764 · Mss
Name of the Vulnerable Software and Affected Versions: MSS Mission Support System versions prior to 8.3.3. Description: MSS is an open source package designed for planning atmospheric research flights. The issue concerns a method in the index.py file that is vulnerable to path manipulation attacks...
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36845 This script provides an automated Proof of C...
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36845-6 CVE-2023-36845 and CVE-2023-36846 Juniper Jun...
SUSE CVE-2024-25443
An issue in the HuginBase::ImageVariable::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
CentOS 8 : glibc (CESA-2023:5455)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:5455 advisory. - A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode vi...