CVE-2021-3124
Stored cross-site scripting (XSS) in a form field in the robust.systems product Custom Global Variables v1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field...
CVE-2021-3124
The CVE-2021-3124 entry relates to a stored XSS in the Robust.Systems product, specifically in the Custom Global Variables v1.0.5. The vulnerability is triggered via the vars[0][name] field, allowing an attacker to inject arbitrary code. Evidence from connected sources confirms the affected compo...
Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2021-1342)
The remote host is missing an update for the Huawei EulerOS perl package announced via the EulerOS-SA-2021-1342 advisory. (Copyright 2021 Greenbone AG, GPL-2.0-only; some text descriptions are excerpted from referenced sources and remain copyright of the respective right holders.)...
EulerOS 2.0 SP2 : perl (EulerOS-SA-2021-1342)
According to the version of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in...
Oracle Linux 8 : container-tools:ol8 (ELSA-2021-0531)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-0531 advisory. buildah 1.16.7-4.0.1: Handling redirect from the docker registry (Orabug: 29874238) [Nikita Gerasimov]; 1.16.7-4: update to the latest content of...
U.S. Dept Of Defense: critical information disclosure
Description: Hey all, I have found critical information through this endpoint /██████; this endpoint contains all env vars used in www.██████, such as server credentials, db, mail, Twitter client ID and client secret, Facebook client ID and client secret, etc... Impact: full access control on ever...
podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API
An information disclosure flaw was found in containers/podman. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container leak into subsequent containers. This flaw allows an...
Moderate: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
ALSA-2021:0531 Moderate: container-tools:rhel8 security, bug fix, and enhancement update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API (CVE-2020-14370). For more details about the security issues,...
CVE-2021-23337
A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables...
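As an added illustration (this is not lodash's code, nor text from the advisory), the block below re-implements the template-compilation pattern behind CVE-2021-23337: a lodash-style `_.template` builds JavaScript source as a string, splices the caller-supplied `variable` option into the generated function's parameter list, and hands the result to the `Function` constructor. Any value that is not a plain identifier is therefore compiled and executed as code. The template text, data, payload string, marker name and error message are constructed for this example. The hardened variant uses an identifier allowlist; lodash's own fix in 4.17.21 instead rejects a set of forbidden characters (parentheses, braces, brackets, commas, `=`, `/` and whitespace) in `variable`.

```javascript
// Minimal lodash-style template compiler, written for this example only.
// It mirrors the shape of the generated source, not lodash's implementation.

function buildSource(text, variable) {
  // Turn 'Hello, <%= user.name %>!' into statements that append to __p.
  const statements = [];
  const interpolate = /<%=([\s\S]+?)%>/g;
  let last = 0;
  let match;
  while ((match = interpolate.exec(text)) !== null) {
    statements.push(`__p += ${JSON.stringify(text.slice(last, match.index))};`);
    statements.push(`__p += (${match[1]});`);
    last = interpolate.lastIndex;
  }
  statements.push(`__p += ${JSON.stringify(text.slice(last))};`);
  // `variable` becomes the parameter name of the generated function. Anything
  // beyond an identifier in it is compiled as code when Function() is invoked.
  return (
    'function(' + variable + ') {\n' +
    "var __p = '';\n" +
    statements.join('\n') + '\n' +
    'return __p;\n}'
  );
}

// Vulnerable: trusts options.variable completely (the pre-fix behaviour).
function compileTemplate(text, options = {}) {
  const variable = options.variable || 'obj';
  return Function('return ' + buildSource(text, variable))();
}

// Hardened: accept only a plain JavaScript identifier as the data variable name.
const IDENTIFIER = /^[A-Za-z_$][\w$]*$/;
function compileTemplateHardened(text, options = {}) {
  const variable = options.variable || 'obj';
  if (!IDENTIFIER.test(variable)) {
    throw new Error('Invalid `variable` option passed into template');
  }
  return Function('return ' + buildSource(text, variable))();
}

// Constructed payload: closes the parameter list, supplies an attacker-chosen
// body, then reopens a block so the rest of the generated source still parses.
const PAYLOAD =
  "user){ globalThis.__templateDemoMarker = 'payload ran'; return 'owned'; }; with(user";

function demonstrate() {
  const text = 'Hello, <%= user.name %>!';
  const data = { name: 'Alice' }; // constructed sample input
  delete globalThis.__templateDemoMarker;

  const legit = compileTemplate(text, { variable: 'user' })(data);
  const hijacked = compileTemplate(text, { variable: PAYLOAD })(data);
  const marker = globalThis.__templateDemoMarker; // set only if the payload ran

  let hardenedError = null;
  try {
    compileTemplateHardened(text, { variable: PAYLOAD });
  } catch (err) {
    hardenedError = err.message;
  }
  const hardenedLegit = compileTemplateHardened(text, { variable: 'user' })(data);

  delete globalThis.__templateDemoMarker;
  return { legit, hijacked, marker, hardenedError, hardenedLegit };
}

console.log(demonstrate());
```

The point for code review is not the exact payload but the pattern: any option that ends up inside a string passed to `Function`, `eval` or `vm.runInContext` must be validated as the syntactic category it is supposed to be (here, an identifier), because template engines routinely expose such options to callers who pass them through from configuration or requests.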
EulerOS 2.0 SP9 : ksh (EulerOS-SA-2021-1247)
According to the version of the ksh package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass...
EulerOS 2.0 SP9 : ksh (EulerOS-SA-2021-1266)
According to the version of the ksh package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass...
USN-4721-1: Flatpak vulnerability
Simon McVittie discovered that the flatpak-portal service allowed sandboxed applications to execute arbitrary code on the host system (a sandbox escape). A malicious user could create a Flatpak application that set environment variables, trusted by the Flatpak "run" command, and use it to execute...
flatpak: sandbox escape via spawn portal
A flaw was found in Flatpak. The Flatpak portal D-Bus service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the flatpak run command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set...
EulerOS 2.0 SP5 : perl (EulerOS-SA-2021-1222)
According to the version of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in...
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC
The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash...