Search criteria
9 vulnerabilities found for shc by neurobin
FKIE_CVE-2025-9176
Vulnerability from fkie_nvd - Published: 2025-08-20 00:15 - Updated: 2025-09-12 14:06
Severity ?
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the public and may be exploited.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://magnificent-dill-351.notion.site/Command-Execution-of-env-in-shc-4-0-3-249c693918ed80c997f4e9420f945d01 | Broken Link | |
| cna@vuldb.com | https://vuldb.com/?ctiid.320557 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.320557 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.630744 | Third Party Advisory, VDB Entry | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://magnificent-dill-351.notion.site/Command-Execution-of-env-in-shc-4-0-3-249c693918ed80c997f4e9420f945d01 | Broken Link |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neurobin:shc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A40C4BFC-B756-41BD-ABF7-401FD22CB948",
"versionEndIncluding": "4.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the public and may be exploited."
},
{
"lang": "es",
"value": "Se ha descubierto una falla de seguridad en neurobin shc hasta la versi\u00f3n 4.0.3. La funci\u00f3n \"make\" del archivo src/shc.c del componente Environment Variable Handler se ve afectada. La manipulaci\u00f3n resulta en la inyecci\u00f3n de comandos del sistema operativo. El ataque solo es posible con acceso local. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
}
],
"id": "CVE-2025-9176",
"lastModified": "2025-09-12T14:06:18.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-20T00:15:25.557",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
],
"url": "https://magnificent-dill-351.notion.site/Command-Execution-of-env-in-shc-4-0-3-249c693918ed80c997f4e9420f945d01"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.320557"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.320557"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.630744"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Broken Link"
],
"url": "https://magnificent-dill-351.notion.site/Command-Execution-of-env-in-shc-4-0-3-249c693918ed80c997f4e9420f945d01"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-9175
Vulnerability from fkie_nvd - Published: 2025-08-19 23:15 - Updated: 2025-09-11 19:19
Severity ?
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://magnificent-dill-351.notion.site/Stack-Overflow-in-shc-4-0-3-249c693918ed804b8c44ee11eb0af087 | Broken Link | |
| cna@vuldb.com | https://vuldb.com/?ctiid.320556 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.320556 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.630743 | Third Party Advisory, VDB Entry | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://magnificent-dill-351.notion.site/Stack-Overflow-in-shc-4-0-3-249c693918ed804b8c44ee11eb0af087 | Broken Link |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neurobin:shc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A40C4BFC-B756-41BD-ABF7-401FD22CB948",
"versionEndIncluding": "4.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad en neurobin shc hasta la versi\u00f3n 4.0.3. Este problema afecta a la funci\u00f3n make del archivo src/shc.c. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer en la pila. El ataque solo puede ejecutarse desde un entorno local. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
}
],
"id": "CVE-2025-9175",
"lastModified": "2025-09-11T19:19:41.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-19T23:15:29.097",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
],
"url": "https://magnificent-dill-351.notion.site/Stack-Overflow-in-shc-4-0-3-249c693918ed804b8c44ee11eb0af087"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.320556"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.320556"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.630743"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Broken Link"
],
"url": "https://magnificent-dill-351.notion.site/Stack-Overflow-in-shc-4-0-3-249c693918ed804b8c44ee11eb0af087"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-9174
Vulnerability from fkie_nvd - Published: 2025-08-19 23:15 - Updated: 2025-09-15 19:54
Severity ?
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://magnificent-dill-351.notion.site/Command-Execution-in-shc-4-0-3-249c693918ed8040abe3e636c7f18c96 | Broken Link | |
| cna@vuldb.com | https://vuldb.com/?ctiid.320555 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.320555 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.630742 | Third Party Advisory, VDB Entry | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://magnificent-dill-351.notion.site/Command-Execution-in-shc-4-0-3-249c693918ed8040abe3e636c7f18c96 | Broken Link |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neurobin:shc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A40C4BFC-B756-41BD-ABF7-401FD22CB948",
"versionEndIncluding": "4.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad en neurobin shc hasta la versi\u00f3n 4.0.3. Esta vulnerabilidad afecta la funci\u00f3n \"make\" del archivo src/shc.c del componente Filename Handler. La manipulaci\u00f3n puede provocar la inyecci\u00f3n de comandos del sistema operativo. El ataque solo puede ejecutarse localmente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
}
],
"id": "CVE-2025-9174",
"lastModified": "2025-09-15T19:54:39.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-19T23:15:28.873",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
],
"url": "https://magnificent-dill-351.notion.site/Command-Execution-in-shc-4-0-3-249c693918ed8040abe3e636c7f18c96"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.320555"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.320555"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.630742"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Broken Link"
],
"url": "https://magnificent-dill-351.notion.site/Command-Execution-in-shc-4-0-3-249c693918ed8040abe3e636c7f18c96"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-9176 (GCVE-0-2025-9176)
Vulnerability from cvelistv5 – Published: 2025-08-19 23:32 – Updated: 2025-08-20 15:15
VLAI?
Title
neurobin shc Environment Variable shc.c make os command injection
Summary
A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the public and may be exploited.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Credits
s0l42 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9176",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T13:58:23.592118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:15:58.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://magnificent-dill-351.notion.site/Command-Execution-of-env-in-shc-4-0-3-249c693918ed80c997f4e9420f945d01"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Environment Variable Handler"
],
"product": "shc",
"vendor": "neurobin",
"versions": [
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "4.0.1"
},
{
"status": "affected",
"version": "4.0.2"
},
{
"status": "affected",
"version": "4.0.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "s0l42 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the public and may be exploited."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in neurobin shc bis 4.0.3 entdeckt. Dabei geht es um die Funktion make der Datei src/shc.c der Komponente Environment Variable Handler. Die Bearbeitung verursacht os command injection. Der Angriff muss lokal passieren. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T23:32:07.022Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320557 | neurobin shc Environment Variable shc.c make os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320557"
},
{
"name": "VDB-320557 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320557"
},
{
"name": "Submit #630744 | shc \u003c=4.0.3 Command Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.630744"
},
{
"tags": [
"exploit"
],
"url": "https://magnificent-dill-351.notion.site/Command-Execution-of-env-in-shc-4-0-3-249c693918ed80c997f4e9420f945d01"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-19T16:05:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "neurobin shc Environment Variable shc.c make os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9176",
"datePublished": "2025-08-19T23:32:07.022Z",
"dateReserved": "2025-08-19T14:00:30.542Z",
"dateUpdated": "2025-08-20T15:15:58.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9175 (GCVE-0-2025-9175)
Vulnerability from cvelistv5 – Published: 2025-08-19 23:02 – Updated: 2025-08-20 15:16
VLAI?
Title
neurobin shc shc.c make stack-based overflow
Summary
A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Credits
s0l42 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9175",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T13:58:46.105319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:16:07.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://magnificent-dill-351.notion.site/Stack-Overflow-in-shc-4-0-3-249c693918ed804b8c44ee11eb0af087"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "shc",
"vendor": "neurobin",
"versions": [
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "4.0.1"
},
{
"status": "affected",
"version": "4.0.2"
},
{
"status": "affected",
"version": "4.0.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "s0l42 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in neurobin shc bis 4.0.3 gefunden. Es geht dabei um die Funktion make der Datei src/shc.c. Die Ver\u00e4nderung resultiert in stack-based buffer overflow. Der Angriff muss lokal erfolgen. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T23:02:07.237Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320556 | neurobin shc shc.c make stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320556"
},
{
"name": "VDB-320556 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320556"
},
{
"name": "Submit #630743 | shc \u003c=4.0.3 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.630743"
},
{
"tags": [
"exploit"
],
"url": "https://magnificent-dill-351.notion.site/Stack-Overflow-in-shc-4-0-3-249c693918ed804b8c44ee11eb0af087"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-19T16:05:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "neurobin shc shc.c make stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9175",
"datePublished": "2025-08-19T23:02:07.237Z",
"dateReserved": "2025-08-19T14:00:27.178Z",
"dateUpdated": "2025-08-20T15:16:07.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9174 (GCVE-0-2025-9174)
Vulnerability from cvelistv5 – Published: 2025-08-19 22:32 – Updated: 2025-08-20 15:16
VLAI?
Title
neurobin shc Filename shc.c make os command injection
Summary
A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Credits
s0l42 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9174",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T13:59:05.378208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:16:13.619Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://magnificent-dill-351.notion.site/Command-Execution-in-shc-4-0-3-249c693918ed8040abe3e636c7f18c96"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Filename Handler"
],
"product": "shc",
"vendor": "neurobin",
"versions": [
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "4.0.1"
},
{
"status": "affected",
"version": "4.0.2"
},
{
"status": "affected",
"version": "4.0.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "s0l42 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized."
},
{
"lang": "de",
"value": "In neurobin shc bis 4.0.3 ist eine Schwachstelle entdeckt worden. Es geht hierbei um die Funktion make der Datei src/shc.c der Komponente Filename Handler. Die Manipulation f\u00fchrt zu os command injection. Der Angriff muss lokal durchgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T22:32:08.348Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320555 | neurobin shc Filename shc.c make os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320555"
},
{
"name": "VDB-320555 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320555"
},
{
"name": "Submit #630742 | shc \u003c=4.0.3 Command Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.630742"
},
{
"tags": [
"exploit"
],
"url": "https://magnificent-dill-351.notion.site/Command-Execution-in-shc-4-0-3-249c693918ed8040abe3e636c7f18c96"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-19T16:05:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "neurobin shc Filename shc.c make os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9174",
"datePublished": "2025-08-19T22:32:08.348Z",
"dateReserved": "2025-08-19T14:00:14.050Z",
"dateUpdated": "2025-08-20T15:16:13.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9176 (GCVE-0-2025-9176)
Vulnerability from nvd – Published: 2025-08-19 23:32 – Updated: 2025-08-20 15:15
VLAI?
Title
neurobin shc Environment Variable shc.c make os command injection
Summary
A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the public and may be exploited.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Credits
s0l42 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9176",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T13:58:23.592118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:15:58.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://magnificent-dill-351.notion.site/Command-Execution-of-env-in-shc-4-0-3-249c693918ed80c997f4e9420f945d01"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Environment Variable Handler"
],
"product": "shc",
"vendor": "neurobin",
"versions": [
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "4.0.1"
},
{
"status": "affected",
"version": "4.0.2"
},
{
"status": "affected",
"version": "4.0.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "s0l42 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the public and may be exploited."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in neurobin shc bis 4.0.3 entdeckt. Dabei geht es um die Funktion make der Datei src/shc.c der Komponente Environment Variable Handler. Die Bearbeitung verursacht os command injection. Der Angriff muss lokal passieren. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T23:32:07.022Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320557 | neurobin shc Environment Variable shc.c make os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320557"
},
{
"name": "VDB-320557 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320557"
},
{
"name": "Submit #630744 | shc \u003c=4.0.3 Command Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.630744"
},
{
"tags": [
"exploit"
],
"url": "https://magnificent-dill-351.notion.site/Command-Execution-of-env-in-shc-4-0-3-249c693918ed80c997f4e9420f945d01"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-19T16:05:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "neurobin shc Environment Variable shc.c make os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9176",
"datePublished": "2025-08-19T23:32:07.022Z",
"dateReserved": "2025-08-19T14:00:30.542Z",
"dateUpdated": "2025-08-20T15:15:58.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9175 (GCVE-0-2025-9175)
Vulnerability from nvd – Published: 2025-08-19 23:02 – Updated: 2025-08-20 15:16
VLAI?
Title
neurobin shc shc.c make stack-based overflow
Summary
A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Credits
s0l42 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9175",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T13:58:46.105319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:16:07.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://magnificent-dill-351.notion.site/Stack-Overflow-in-shc-4-0-3-249c693918ed804b8c44ee11eb0af087"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "shc",
"vendor": "neurobin",
"versions": [
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "4.0.1"
},
{
"status": "affected",
"version": "4.0.2"
},
{
"status": "affected",
"version": "4.0.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "s0l42 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in neurobin shc bis 4.0.3 gefunden. Es geht dabei um die Funktion make der Datei src/shc.c. Die Ver\u00e4nderung resultiert in stack-based buffer overflow. Der Angriff muss lokal erfolgen. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T23:02:07.237Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320556 | neurobin shc shc.c make stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320556"
},
{
"name": "VDB-320556 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320556"
},
{
"name": "Submit #630743 | shc \u003c=4.0.3 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.630743"
},
{
"tags": [
"exploit"
],
"url": "https://magnificent-dill-351.notion.site/Stack-Overflow-in-shc-4-0-3-249c693918ed804b8c44ee11eb0af087"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-19T16:05:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "neurobin shc shc.c make stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9175",
"datePublished": "2025-08-19T23:02:07.237Z",
"dateReserved": "2025-08-19T14:00:27.178Z",
"dateUpdated": "2025-08-20T15:16:07.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9174 (GCVE-0-2025-9174)
Vulnerability from nvd – Published: 2025-08-19 22:32 – Updated: 2025-08-20 15:16
VLAI?
Title
neurobin shc Filename shc.c make os command injection
Summary
A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Credits
s0l42 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9174",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T13:59:05.378208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:16:13.619Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://magnificent-dill-351.notion.site/Command-Execution-in-shc-4-0-3-249c693918ed8040abe3e636c7f18c96"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Filename Handler"
],
"product": "shc",
"vendor": "neurobin",
"versions": [
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "4.0.1"
},
{
"status": "affected",
"version": "4.0.2"
},
{
"status": "affected",
"version": "4.0.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "s0l42 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized."
},
{
"lang": "de",
"value": "In neurobin shc bis 4.0.3 ist eine Schwachstelle entdeckt worden. Es geht hierbei um die Funktion make der Datei src/shc.c der Komponente Filename Handler. Die Manipulation f\u00fchrt zu os command injection. Der Angriff muss lokal durchgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T22:32:08.348Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320555 | neurobin shc Filename shc.c make os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320555"
},
{
"name": "VDB-320555 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320555"
},
{
"name": "Submit #630742 | shc \u003c=4.0.3 Command Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.630742"
},
{
"tags": [
"exploit"
],
"url": "https://magnificent-dill-351.notion.site/Command-Execution-in-shc-4-0-3-249c693918ed8040abe3e636c7f18c96"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-19T16:05:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "neurobin shc Filename shc.c make os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9174",
"datePublished": "2025-08-19T22:32:08.348Z",
"dateReserved": "2025-08-19T14:00:14.050Z",
"dateUpdated": "2025-08-20T15:16:13.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}