CVE-2026-33092
CVE-2026-33092 affects Acronis True Image OEM (macOS) before build 42571 and Acronis True Image (macOS) before build 42902. It is a local privilege escalation caused by improper handling of environment variables, with CVSSv3.0 vector LOCAL/LOW/PR:L/UI:N and impact on confidentiality, integrity, a...
CVE-2026-33092
Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM macOS before build 42571, Acronis True Image macOS before build 42902...
OESA-2026-1593 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures (30 days in default configurations), the...
CVE-2023-54279
CVE-2023-54279 concerns the Linux kernel MIPS fw handling when firmware passes an empty environment. The issue arises in fw_getenv, which uses an env entry to determine the style of env data; firmware may supply an empty list, risking a null pointer dereference if code path assumes a non-empty fi...
Exploit for Uncontrolled Search Path Element in Needrestart_Project Needrestart
CVE-2024-48990 PYTHONPATH Hijack - Privilege Escalation Exploi...
Linux Distros Unpatched Vulnerability : CVE-2019-14868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environme...
CVE-2025-7971 Studio 5000 Logix Designer® – Arbitrary Code Execution Vulnerability
A security issue exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; however, it may be possible to execute malicious code without triggering a crash...
OS Command Injection
github.com/charmbracelet/soft-serve is vulnerable to OS Command Injection. The vulnerability is due to improper environment variable handling due to Soft Serve passing all environment variables given by the client to git subprocesses. Attackers can use this to execute arbitrary code via environme...
SUSE CVE-2015-3159
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges...
DEBIAN-CVE-2023-39950
efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...
UBUNTU-CVE-2023-39950
efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...
SUSE CVE-2019-16729
pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...
CentOS 7 : cups (RHSA-2020:1050)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1050 advisory. - In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. CVE-2018-4180, CVE-2018-41...
DEBIAN-CVE-2019-16729
pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...
UBUNTU-CVE-2019-16729
pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...
PT-2019-4758 · Python +2 · Pam-Python +2
Name of the Vulnerable Software and Affected Versions: pam-python versions prior to 1.0.7-1 Description: The issue is related to insecure privilege management in the pam-python PAM module, which allows an attacker to escalate privileges using a specially crafted binary file with the setuid flag...
USN-3834-1 perl vulnerabilities
Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-18311) Eiichi Tsukata discovered that Perl incorrectly handled certain regular expression...
UBUNTU-CVE-2014-1845
An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment...
UBUNTU-CVE-2017-15566
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution...