CVE-2024-41817

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...

CVE-2024-42081

In the Linux kernel, the following vulnerability has been resolved: drm/xe/xedevcoredump: Check NULL before assignments Assign 'xedevcoredumpsnapshot ' and 'xedevice ' only if 'coredump' is not NULL. v2 - Fix commit messages. v3 - Define variables before code.Ashutosh/Jose v4 - Drop return check...

CVE-2024-41817 Arbitrary Code Execution in `AppImage` version `ImageMagick`

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...

EUVD-2024-39202

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...

CVE-2024-41817 Arbitrary Code Execution in `AppImage` version `ImageMagick`

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...

CVE-2024-42081

CVE-2024-42081 affects the Linux kernel component drm/ xe/ xe_devcoredump. The root cause was assigning xe_devcoredump_snapshot* and xe_device* unconditionally; the fix adds a NULL check and only assigns these pointers when coredump is not NULL. CVSS: Low-Privilege Local access with Medium overal...

CVE-2024-42029

xdg-desktop-portal-hyprland aka an XDG Desktop Portal backend for Hyprland before 1.3.3 allows OS command execution, e.g., because single quotes are not used when sending a list of app IDs and titles via the environment...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the need for instance variables to be symbolic in error handling...

CVE-2024-42029

xdg-desktop-portal-hyprland aka an XDG Desktop Portal backend for Hyprland before 1.3.3 allows OS command execution, e.g., because single quotes are not used when sending a list of app IDs and titles via the environment...

PT-2024-29694 · Unknown · Xdg-Desktop-Portal-Hyprland

Name of the Vulnerable Software and Affected Versions: xdg-desktop-portal-hyprland versions prior to 1.3.3 Description: The issue allows OS command execution due to the lack of single quotes when sending a list of app IDs and titles via the environment. This can be exploited because of how the...

quarkus-core: Leak of local configuration properties into Quarkus applications

A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been...

CVE-2024-6972

In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text...

CVE-2024-6972

In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text...

CVE-2024-6972

In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text...

CVE-2024-6972

In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text...

CVE-2024-6972

CVE-2024-6972 affects Octopus Server. Under certain circumstances, sensitive variables can be printed in clear-text in task logs. The CVSS v3.1 base score is 6.5 (MEDIUM) with high impact on confidentiality; exploitation requires no user interaction but does not require network access (attack vec...

PT-2024-38011 · Unknown · Octopus Server

Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue allows sensitive variables to be printed in the task log in clear-text under certain circumstances. Recommendations: At the moment, there is no information about a newer...

Octopus Server 安全漏洞

Octopus Server is a deployment automation and release management tool for continuous delivery from Octopus Australia. A security vulnerability exists in Octopus Server that stems from the fact that under certain circumstances, sensitive variables may be printed in plaintext in the task log...

USN-6912-1: provd vulnerability

James Henstridge discovered that provd incorrectly handled environment variables. A local attacker could possibly use this issue to run arbitrary programs and escalate privileges...

USN-6912-1 provd vulnerability

James Henstridge discovered that provd incorrectly handled environment variables. A local attacker could possibly use this issue to run arbitrary programs and escalate privileges...