Ensure That the LD_LIBRARY_PATH Environment Variable Is Correctly Defined

LDLIBRARYPATH is an environmental variable in Linux. When loading a dynamic link library, the program preferentially obtains the library from the path specified by LDLIBRARYPATH. Generally, LDLIBRARYPATH should not be set, because a maliciously set value will make the program link to an incorrect...

UBUNTU-CVE-2025-25475

A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service DoS via a crafted DICOM file...

PT-2024-17764 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: Emlog Pro versions up to 2.4.1 Description: A problematic vulnerability was found in Emlog Pro, affecting an unknown functionality in the library /include/lib/common.php. The manipulation of the msg argument leads to cross site scripting. The...

CLSA-2024-1733429722 Fix CVE(s): CVE-2024-48992

SECURITY UPDATE: Arbitrary code execution via manipulated RUBYLIB environment variable - debian/patches/CVE-2024-48992.patch: Prevent script from setting RUBYLIB environment variable to avoid LPE - CVE-2024-48992...

CVE-2024-7253

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

UBUNTU-CVE-2024-48992

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...

PT-2024-8540 · Unknown +3 · Needrestart +3

Name of the Vulnerable Software and Affected Versions: needrestart versions prior to 3.8 Description: The issue is related to an uncontrolled search path element in the needrestart utility. Exploitation of this issue may allow an attacker to execute arbitrary code in the context of the root user ...

SUSE CVE-2024-41817

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...

CVE-2024-40721

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path...

CVE-2023-44439

Ashlar-Vellum Xenon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Xenon. User interaction is required to exploit this vulnerability in that the target must visit...

XunRuiCMS 安全漏洞

Xunrui Cloud Software Development XunRuiCMS Xunrui CMS is an open source content management system CMS from China's Xunrui Cloud Software Development Company. A security vulnerability exists in Xunrui CMS 4.6.3 and earlier versions, which originates from a cross-site scripting XSS vulnerability i...

CVE-2024-25552

A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product...

CVE-2023-6943

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1GOT1000 versions 1.325P and prior, GT Designer3 Version1GOT2000 versions 1.320J and prior, GX Works2 versions 1.11M...

CVE-2023-6943

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1GOT1000 versions 1.325P and prior, GT Designer3 Version1GOT2000 versions 1.320J and prior, GX Works2 versions 1.11M...

UBUNTU-CVE-2023-31210

Usage of user controlled LDLIBRARYPATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries...

PT-2023-23233 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.2.0p10 through 2.2.0p16 Description: The issue concerns the usage of user-controlled LD LIBRARY PATH in the agent of Checkmk, allowing a malicious Checkmk site user to escalate rights via the injection of malicious librarie...

Checkmk Security Vulnerabilities

Checkmk is an editor. A security vulnerability exists in Checkmk versions 2.2.0p10 through 2.2.0p16, which stems from the use of user-controlled LDLIBRARYPATH in an agent, allowing an attacker to escalate privileges by injecting a malicious library...

Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform Code Issue Vulnerability

Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform is a Multi-Service Secure Gateway Intelligent Management Platform from Beijing Baichuo, China. Byzro Networks Smart S45F Multi-Service Secure Gateway Intelligent Management Platform 20230928 and earlier versio...

CVE-2023-40041

TOTOLINK T10v2 5.9c.5061B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cstemodules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code...

Diebold Nixdorf Vynamic View Console Code Issue Vulnerability

The Diebold Nixdorf Vynamic View Console is a system from Diebold Nixdorf that allows remote changes to all PC-based devices via Intel Active Management Technology AMT BIOS management. A security vulnerability exists in Diebold Nixdorf Vynamic View Console v.5.3.1 and prior versions, which...