249 matches found
CLSA-2025-1757700003 glibc: Fix of CVE-2025-4802
CVE-2025-4802: prevent untrusted LDLIBRARYPATH from loading dynamically shared libraries in statically compiled binaries that call dlopen...
CVE-2025-10214
DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\AppData\Local\UPDF\FREngine\Bin64' directory, which could lead to arbitrary...
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2025-2123)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2023-31210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Usage of user controlled LDLIBRARYPATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of...
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2025-2124)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
...
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
...
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2025-1906)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-9330
Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on th...
Alibaba Cloud Linux 3 : 0138: glibc (ALINUX3-SA-2025:0138)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0138 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-0395: When the assert function in...
EulerOS 2.0 SP11 : glibc (EulerOS-SA-2025-1925)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of...
EulerOS 2.0 SP11 : glibc (EulerOS-SA-2025-1951)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of...
EulerOS 2.0 SP13 : glibc (EulerOS-SA-2025-1974)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of...
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2025-1988)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2025-1925)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2025-1951)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CLSA-2025-1751891683 glibc: Fix of CVE-2025-4802
CVE-2025-4802: fix untrusted LDLIBRARYPATH environment variable vulnerability by properly sanitizing the dynamic shared library loading...
glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen, including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo, may incorrectly search LDLIBRARYPATH to determine which library to load, allowing a local attacker to load...
glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen, including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo, may incorrectly search LDLIBRARYPATH to determine which library to load, allowing a local attacker to load...
CLSA-2025-1750784684 Fix CVE(s): CVE-2025-4802
SECURITY UPDATE: Untrusted LDLIBRARYPATH environment variable vulnerability - debian/patches/any/CVE-2025-4802.patch: Ignore LDLIBRARYPATH and debug env var for setuid for static - CVE-2025-4802...