Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.9 Images Security Update

New images are available for Red Hat build of Keycloak 26.2.9 and Red Hat build of Keycloak 26.2.9 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat...

CVE-2025-10634

A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminaladdr/serverip/serverport causes command injection. The atta...

CVE-2025-10634

A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminaladdr/serverip/serverport causes command injection. The atta...

CVE-2025-10634

A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminaladdr/serverip/serverport causes command injection. The atta...

CVE-2025-10634

CVE-2025-10634 affects D-Link DIR-823X routers (versions 240126, 240802, 250416). The issue is in the Environment Variable Handler’s /usr/sbin/goahead component, specifically function sub_412E7C, where manipulating arguments terminal_addr/server_ip/server_port enables remote command injection. Th...

CVE-2025-10634 D-Link DIR-823X Environment Variable goahead sub_412E7C command injection

A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminaladdr/serverip/serverport causes command injection. The atta...

CVE-2025-10634 D-Link DIR-823X Environment Variable goahead sub_412E7C command injection

A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminaladdr/serverip/serverport causes command injection. The atta...

PT-2025-38294

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X versions 240126, 240802, and 250416 Description A weakness exists in the Environment Variable Handler component of the D-Link DIR-823X router. Manipulation of the terminal addr, server ip, or server port argument within the sub...

Apple macOS Tahoe environment variable mishandling vulnerability

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

Apple macOS 安全漏洞

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

Erlang/OTP (Erlang OTP) Httpd CGI Scripts Environment Variable Pollution Vulnerability (Sep 2025, httpoxy) - Linux

Erlang/OTP Erlang OTP is prone to a Httpd CGI scripts environment variable pollution vulnerability in the inets component dubbed SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Erlang/OTP (Erlang OTP) Httpd CGI Scripts Environment Variable Pollution Vulnerability (Sep 2025, httpoxy) - Windows

Erlang/OTP Erlang OTP is prone to a Httpd CGI scripts environment variable pollution vulnerability in the inets component dubbed SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Linux Distros Unpatched Vulnerability : CVE-2017-17535

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow...

Security Bulletin: Arbitrary Code Execution via JaninoEventEvaluator in Logback-Core (Versions 0.1–1.3.14, 1.4.0–1.5.12) through Malicious Configuration or Environment Variable Injection affects watsonx.data

Summary ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before...

TinyEnv 安全漏洞

TinyEnv is an environment variable loader for Dat Duy Personal Developer. A security vulnerability exists in TinyEnv versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, which stems from a checking deficiency in the .env file that could lead to unsafe default configurations...

Linux Distros Unpatched Vulnerability : CVE-2017-17522

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allo...

Linux Distros Unpatched Vulnerability : CVE-2017-17524

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - library/wwwbrowser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allo...

Linux Distros Unpatched Vulnerability : CVE-2018-18249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the...

Linux Distros Unpatched Vulnerability : CVE-2017-17529

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - af/util/xp/utgofile.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might all...

Linux Distros Unpatched Vulnerability : CVE-2017-17515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...