2626 matches found
SUSE CVE-2018-10992
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...
SUSE CVE-2019-14868
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...
SUSE CVE-2019-20433
libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELLCONF environment variable...
SUSE CVE-2020-15704
The modprobe child process in the ./debian/patches/loadpppgenericifneeded patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBEOPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2,...
SUSE CVE-2022-4318
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable...
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set
A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFTATTESTPASSWORD environment variable. Impact The SYFTATTESTPASSWORD environment variable is for the syft attest command to generate attested SBOMs for the given container image...
GHSA-JP7V-3587-2956 Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set
A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFTATTESTPASSWORD environment variable. Impact The SYFTATTESTPASSWORD environment variable is for the syft attest command to generate attested SBOMs for the given container image...
TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:F/RL:O/RC:C 8.2 Problem TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATHINFO, which allows attackers to inject malicious content. In combination with the TypoScript setting...
Information Disclosure
github.com/anchore/syft is vulnerable to Information Disclosure. The vulnerability exists due to the SYFTATTESTPASSWORD environment variable in the syft logs leaking when -vv or -vvv are used in the syft command which is any log level = DEBUG and in the attestation or SBOM only when the syft-json...
CVE-2022-4883
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
AZL-13248 CVE-2022-4883 affecting package libXpm for versions less than 3.5.17-1
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
CVE-2023-24814
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATHINFO, which allows attackers to inject malicious content. In...
CVE-2023-24814 Persisted Cross-Site Scripting in Frontend Rendering in typo3
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATHINFO, which allows attackers to inject malicious content. In...
CVE-2023-24827
syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFTATTESTPASSWORD environment variable. The...
Design/Logic Flaw
syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFTATTESTPASSWORD environment variable. The...
CVE-2023-24827 Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set in syft
syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFTATTESTPASSWORD environment variable. The...
CVE-2023-24827 Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set in syft
syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFTATTESTPASSWORD environment variable. The...
CVE-2023-24827 Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set in syft
syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFTATTESTPASSWORD environment variable. The...
syft 日志信息泄露漏洞
syft is a CLI tool and Go library for generating a software bill of materials SBOM from container images and filesystems. A log message disclosure vulnerability exists in syft, which stems from a password disclosure stored in the SYFTATTESTPASSWORD environment variable...
CVE-2022-4883
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...