7820 matches found

Vulnrichment
added 2022/09/23 6:58 p.m. · 9 views

CVE-2022-26707

An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information...

4.5 AI score · 0.00274 EPSS
Exploits 0 · References 1

Cvelist
added 2022/09/23 6:58 p.m. · 20 views

CVE-2022-26707

An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information...

5.6 AI score · 0.00274 EPSS
Exploits 0 · References 1

CVE
added 2022/09/23 6:58 p.m. · 97 views

CVE-2022-26707

CVE-2022-26707 relates to macOS Monterey 12.4 where the handling of environment variables had insufficient validation. The Red Hat/NVD entries confirm the issue and Apple’s advisory states it is fixed in macOS Monterey 12.4. The vulnerability could allow a user to view sensitive information due t...

5.5 CVSS · 5.2 AI score · 0.00274 EPSS
Exploits 0 · References 1 · Affected Software 1

ATTACKERKB
added 2022/09/23 11:15 a.m. · 2 views

CVE-2022-40979

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable...

5.3 CVSS · 6 AI score · 0.00292 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2022/09/23 11:15 a.m. · 4 views

CVE-2022-40979

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable...

5.3 CVSS · 5.8 AI score · 0.00292 EPSS
Exploits 0 · References 1

NVD
added 2022/09/23 11:15 a.m. · 21 views

CVE-2022-40979

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable...

5.3 CVSS · 0.00292 EPSS
Exploits 0 · References 1

Cvelist
added 2022/09/23 10:50 a.m. · 22 views

CVE-2022-40979

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable...

4.4 CVSS · 5.6 AI score · 0.00292 EPSS
Exploits 0 · References 1

CVE
added 2022/09/23 10:50 a.m. · 64 views

CVE-2022-40979

CVE-2022-40979 affects JetBrains TeamCity prior to 2022.04.4. Multiple sources corroborate that the vulnerability can cause an information disclosure by logging environment variables of type “password” when a custom Perforce executable is used. The Red Hat entry and CNVD/CVE records describe the ...

5.3 CVSS · 5.3 AI score · 0.00292 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2022/09/23 12:0 a.m. · 3 views

Apple macOS Monterey Input Validation Error Vulnerability

Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. A security vulnerability exists in Apple macOS Monterey version 12.4, which stems from an issue in the handling of environment variables and can be exploited by an attacker to view sensitiv...

5.5 CVSS · 5.8 AI score · 0.00274 EPSS
Exploits 0 · References 2

CNNVD
added 2022/09/20 12:0 a.m. · 4 views

steal Security Vulnerability

steal is StealJS's open-source, extensible, general-purpose module loader. It can load JavaScript modules defined in ES6, AMD and CommonJS formats. A security vulnerability exists in steal version 2.2.4, which stems from prototype pollution via alias variables in babel.js...

9.8 CVSS · 8.2 AI score · 0.01093 EPSS
Exploits 0 · References 4

OSV
added 2022/09/19 5:15 p.m. · 47 views

CVE-2022-40468

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in the process_request function...

7.5 CVSS · 3.2 AI score
Exploits 0 · References 6

Code423n4
added 2022/09/19 12:0 a.m. · 11 views

Vault does not verify that tokens were transferred successfully.

Lines of code Vulnerability details Impact If for some reason the ERC20 transfer is temporarily failing, the user could call deposit for free or if calling withdraw the user would totally lose his allocation and funds. All the state variables would already have been updated at this stage, so he...

6.9 AI score
Exploits 0

CVE
added 2022/09/19 12:0 a.m. · 81 views

CVE-2022-40468

CVE-2022-40468 affects tinyproxy. The issue is a potential leak of left-over heap data when using custom error page templates with non-standard variables, caused by uninitialized buffers in process_request() and related header handling. Multiple advisories confirm risk across distros, including D...

7.5 CVSS · 7.4 AI score · 0.01374 EPSS
Exploits 1 · References 6 · Affected Software 1

Positive Technologies
added 2022/09/19 12:0 a.m. · 5 views

PT-2022-25392 · Tinyproxy +2 · Tinyproxy +2

Name of the Vulnerable Software and Affected Versions: Tinyproxy versions prior to commit 84f203f Description: The issue is related to a potential leak of left-over heap data when custom error page templates containing special non-standard variables are used. This occurs because Tinyproxy commit...

9.8 CVSS · 5.5 AI score · 0.63076 EPSS
Exploits 3 · References 47

RedHat Linux
added 2022/09/08 11:31 a.m. · 3 views

nodejs-underscore: Arbitrary code execution via the template function

A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

7.2 CVSS · 7.5 AI score · 0.04087 EPSS
Exploits 2 · References 4

Code423n4
added 2022/09/08 12:0 a.m. · 7 views

State variables written after the call

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The external function burn updates state variables balance0 and balance1 after safeTransfer has been called. This could potentially be exploited as an attacker could call the burn function multiple time...

7 AI score
Exploits 0

Veracode
added 2022/09/05 9:42 p.m. · 27 views

Information Disclosure

podman is vulnerable to information disclosure. The vulnerability exists due to an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056, allowing an attacker to gain access to sensitive information stored in environment variables...

5.3 CVSS · 5.6 AI score · 0.01402 EPSS
Exploits 0 · References 4 · Affected Software 1

Huntr
added 2022/09/02 9:52 a.m. · 24 views

Reflected XSS via POST

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

5.8 CVSS · 6 AI score · 0.00857 EPSS
Exploits 1 · References 3

ATTACKERKB
added 2022/09/01 9:15 p.m. · 1 views

CVE-2022-2739

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive...

5.3 CVSS · 6.5 AI score · 0.01402 EPSS
Exploits 0 · References 4

OSV
added 2022/09/01 9:15 p.m. · 1 views

CVE-2022-2739

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive...

5.3 CVSS · 5.8 AI score · 0.00406 EPSS
Exploits 0 · References 2