49 matches found
OPENSUSE-SU-2026:11189-1 obs-service-appimage-0.12.4-1.1 on GA media
These are all security issues fixed in the obs-service-appimage-0.12.4-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-54672
electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LDLIBRARYPATH environment variable at runtime. This causes the current working directory to be added to the dynamic linke...
CVE-2026-54672
electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LDLIBRARYPATH environment variable at runtime. This causes the current working directory to be added to the dynamic linke...
CVE-2026-54672 electron-updater: Uncontrolled search path elements within `AppImage` built by `app-builder-lib`
electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LDLIBRARYPATH environment variable at runtime. This causes the current working directory to be added to the dynamic linke...
CVE-2026-54672 electron-updater: Uncontrolled search path elements within `AppImage` built by `app-builder-lib`
electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LDLIBRARYPATH environment variable at runtime. This causes the current working directory to be added to the dynamic linke...
CVE-2026-54672
CVE-2026-54672 : The issue affects electron-updater with AppImage targets built by app-builder-lib prior to 26.15.0. At runtime, an empty path component in LD_LIBRARY_PATH can cause the current working directory to be added to the dynamic linker search path, potentially enabling an attacker to pl...
PT-2026-54018
Name of the Vulnerable Software and Affected Versions electron-updater versions prior to 26.15.0 Description AppImage targets built by app-builder-lib can use an empty path component when setting the LD LIBRARY PATH environment variable at runtime. This behavior causes the current working directo...
Advisory ROSA-SA-2026-3297
CVE-ID: CVE-2024-41817 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: The vulnerability in the AppImage version of ImageMagick relates to the use of an empty path during the installation of environment variables MAGICKCONFIGUREPATH and LDLIBRARYPATH. This allows attackers to execute arbitrary code by...
Malicious code in twokey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20c6d8e22fd03dd5ff39bac81bcbffd05db3b2a08dcf9768332094ffcca4eebd The package's postinstall hook unconditionally executes node bin/twokey.js --desktop --enable-autostart, which performs three install-time actions...
MAL-2026-4697 Malicious code in twokey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20c6d8e22fd03dd5ff39bac81bcbffd05db3b2a08dcf9768332094ffcca4eebd The package's postinstall hook unconditionally executes node bin/twokey.js --desktop --enable-autostart, which performs three install-time actions...
CVE-2026-41525
KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...
EUVD-2020-17954
Malware in sbrugna...
EUVD-2020-17953
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-25266
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that...
Linux Distros Unpatched Vulnerability : CVE-2020-25265
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name=...
SUSE CVE-2024-41817
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...
CVE-2024-41817
A flaw was found in ImageMagick. The 'AppImage' version of ImageMagick, when executed with an empty path in the MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables, can load malicious configuration files or shared libraries in the current directory, resulting in arbitrary code execution...
UBUNTU-CVE-2024-41817
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...
CVE-2024-41817 Arbitrary Code Execution in `AppImage` version `ImageMagick`
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...
CVE-2024-41817 Arbitrary Code Execution in `AppImage` version `ImageMagick`
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...