268 matches found
SUSE CVE-2010-3383
The 1 teamspeak and 2 teamspeak-server scripts in TeamSpeak 2.0.32 place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
SUSE CVE-2010-3387
vdrleaktest in Video Disk Recorder VDR 1.6.0 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: a third party disputes this issue because the script erroneously uses a...
SUSE CVE-2010-3384
The 1 torcs, 2 nfsperf, 3 accc, 4 texmapper, 5 trackgen, and 6 nfs2ac scripts in TORCS 1.3.1 place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
SUSE CVE-2010-3386
usttrace in LTTng Userspace Tracer aka UST 0.7 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
SUSE CVE-2010-3394
The 1 texmacs and 2 tmmupadhelp scripts in TeXmacs 1.0.7.4 place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
SUSE CVE-2010-3689
soffice in OpenOffice.org OOo 3.x before 3.3 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
SUSE CVE-2010-3998
The 1 banshee-1 and 2 muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: Banshee might also be affected using GSTPLUGINPATH...
SUSE CVE-2010-3999
gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
SUSE CVE-2010-4000
gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
SUSE CVE-2010-4001
GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: CVE disputes this issue because the GMXLDLIB value is always added to the beginni...
SUSE CVE-2010-4005
The 1 tomboy and 2 tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for...
SUSE CVE-2012-0883
envvars aka envvars-std in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...
SUSE CVE-2012-3381
sfcb in sblim-sfcb places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
SUSE CVE-2017-1000366
glibc contains a vulnerability that allows specially crafted LDLIBRARYPATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap...
SUSE CVE-2017-1000409
A buffer overflow in glibc 2.5 released on September 29, 2006 and can be triggered through the LDLIBRARYPATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366...
SUSE CVE-2021-29949
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious...
Regular Expression Denial of Service (ReDoS)
Overview sisimai is a Ruby library for analyzing RFC5322 bounce emails and generating structured data from parsed results. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expressions in the function toplain of the...
OESA-2022-2087 festival security update
Festival offers a general framework for building speech synthesis systems as well as including examples of various modules. As a whole it offers full text to speech through a number APIs: from shell level, though a Scheme command interpreter, as a C++ library, from Java, and an Emacs interface...
The vulnerability of the LD_LIBRARY_PATH environment variable allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the LDLIBRARYPATH environment variable in the GNU C Library is related to operations that go beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of Perl interpreter modules, related to privilege management errors, allows attackers to execute arbitrary code.
The vulnerability of modules from the @INC directory in the Perl interpreter is related to privilege management errors. Exploiting this vulnerability allows an attacker to execute arbitrary code using a Trojan virus program...