CVE-2019-3842

In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polk...

Command injection

In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polk...

CVE-2019-3842

In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polk...

CVE-2019-3842

The CVE-2019-3842 issue affects systemd’s pam_systemd, where improper sanitization of the XDG_SEAT environment variable could enable commands to be checked against polkit policies using the "allow_active" element instead of "allow_any" in some configurations. This is a local vulnerability (enviro...

CVE-2019-3842

In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polk...

CVE-2019-3842

It was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polkit policies using the...

CVE-2019-3842

In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polk...

CVE-2019-10844

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

Code injection

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

PYSEC-2019-107

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

CVE-2019-10844

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

PYSEC-2019-37

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

CVE-2019-10844

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

CVE-2019-10844

CVE-2019-10844 affects Sony Neural Network Libraries (nnabla) – nbla/logger.cpp in libnnabla.a up to v1.0.14. The root cause is that code relies on the HOME environment variable, which is untrusted, enabling potential influence on behavior via the user’s HOME value. Public references in Red Hat a...

Sony Neural Network Libraries Input Validation Error Vulnerability

Neural Network Libraries is a deep learning framework designed for research, development and production. An input validation error vulnerability exists in nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries nnabla 1.0.14 and earlier. The vulnerability stems from the software's...

PT-2019-18719 · Green Hills +1 · Integrity Rtos +1

Name of the Vulnerable Software and Affected Versions: Green Hills INTEGRITY RTOS version 5.0.4 Description: An issue was discovered in the Interpeak IPCOMShell TELNET server. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to...

GHSA-3C87-R9F7-QFGQ Downloads Resources over HTTP in macaca-chromedriver-zxa

Affected versions of macaca-chromedriver-zxa insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executi...

Downloads Resources over HTTP in macaca-chromedriver-zxa

Affected versions of macaca-chromedriver-zxa insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executi...

EUVD-2019-13103

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

Denial Of Service (DoS)

glibc is vulnerable to denial of service DoS attacks. The vulnerability exists as an off-by-one error in the gconvtranslitfind function in gconvtrans.c in GNU C Library aka glibc allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via vectors related to...