
2646 matches found

RedhatCVE
added 2019/05/14 12:24 p.m. · 32 views

CVE-2018-10992

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...

9.8 CVSS · 5.8 AI score · 0.02109 EPSS
Exploits 0 · References 1

RedhatCVE
added 2019/04/18 5:19 p.m. · 30 views

CVE-2019-3902

Starting with version 1.5.3, Mercurial allows environment variable expansion on path names for sub repositories when creating it or cloning a parent repository, but it doesn't validate whether the final path name is outside the repository root directory. An attacker can leverage this weakness using ...

5.9 CVSS · 1.9 AI score · 0.01413 EPSS
Exploits 0 · References 4

Hacker One
added 2019/04/10 9:42 p.m. · 12 views

New Relic: Stored XSS at APM apps labels autocomplete dropdown (apps listing)

Hey team, I have discovered the stored XSS vulnerability triggered at APM apps labels autocomplete dropdown. Only admins are able to add labels to apps, so it seemed to me that this XSS impact is "admin to owner" only. But I googled a little and stumbled upon the NEW_RELIC_LABELS environment variab...

0.3 AI score
Exploits 0

OSV
added 2019/04/09 9:29 p.m. · 22 views

CVE-2019-3842

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked against polk...

7 CVSS · 6.8 AI score · 0.01217 EPSS
Exploits 3 · References 8

NVD
added 2019/04/09 9:29 p.m. · 12 views

CVE-2019-3842

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked against polk...

7 CVSS · 5.8 AI score · 0.01217 EPSS
Exploits 3 · References 8

Prion
added 2019/04/09 9:29 p.m. · 24 views

Command injection

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked against polk...

4.4 CVSS · 6.4 AI score · 0.01217 EPSS
Exploits 3 · References 8 · Affected Software 4

Vulnrichment
added 2019/04/09 8:25 p.m. · 2 views

CVE-2019-3842

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked against polk...

4.5 CVSS · 5.8 AI score · 0.01217 EPSS
Exploits 3 · References 8

CVE
added 2019/04/09 8:25 p.m. · 423 views

CVE-2019-3842

The CVE-2019-3842 issue affects systemd’s pam_systemd, where improper sanitization of the XDG_SEAT environment variable could enable commands to be checked against polkit policies using the "allow_active" element instead of "allow_any" in some configurations. This is a local vulnerability (enviro...

7 CVSS · 6.8 AI score · 0.01217 EPSS
Exploits 3 · References 8 · Affected Software 1

Debian CVE
added 2019/04/09 8:25 p.m. · 30 views

CVE-2019-3842

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked against polk...

7 CVSS · 5.3 AI score · 0.01217 EPSS
Exploits 3

RedhatCVE
added 2019/04/09 2:19 p.m. · 23 views

CVE-2019-3842

It was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the...

7 CVSS · 3.5 AI score · 0.01217 EPSS
Exploits 3 · References 3

UbuntuCve
added 2019/04/08 12:00 a.m. · 32 views

CVE-2019-3842

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked against polk...

7 CVSS · 6.3 AI score · 0.01217 EPSS
Exploits 3 · References 2

Prion
added 2019/04/04 5:29 a.m. · 13 views

Code injection

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

7.5 CVSS · 9.4 AI score · 0.01552 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2019/04/04 5:29 a.m. · 19 views

CVE-2019-10844

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

9.8 CVSS · 9.5 AI score
Exploits 0 · References 1

OSV
added 2019/04/04 5:29 a.m. · 14 views

PYSEC-2019-37

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

1.8 AI score
Exploits 0 · References 1

OSV
added 2019/04/04 5:29 a.m. · 40 views

PYSEC-2019-107

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

9.8 CVSS · 1.8 AI score · 0.01552 EPSS
Exploits 0 · References 2

NVD
added 2019/04/04 5:29 a.m. · 17 views

CVE-2019-10844

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

9.8 CVSS · 9.4 AI score · 0.01552 EPSS
Exploits 0 · References 1

Cvelist
added 2019/04/04 4:19 a.m. · 18 views

CVE-2019-10844

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

9.5 AI score · 0.01552 EPSS
Exploits 0 · References 1

CVE
added 2019/04/04 4:19 a.m. · 39 views

CVE-2019-10844

CVE-2019-10844 affects Sony Neural Network Libraries (nnabla) – nbla/logger.cpp in libnnabla.a up to v1.0.14. The root cause is that code relies on the HOME environment variable, which is untrusted, enabling potential influence on behavior via the user’s HOME value. Public references in Red Hat a...

9.8 CVSS · 9.4 AI score · 0.01552 EPSS
Exploits 0 · References 1 · Affected Software 1

CNVD
added 2019/04/04 12:00 a.m. · 3 views

Sony Neural Network Libraries Input Validation Error Vulnerability

Neural Network Libraries is a deep learning framework designed for research, development and production. An input validation error vulnerability exists in nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries nnabla 1.0.14 and earlier. The vulnerability stems from the software's...

9.8 CVSS · 7 AI score · 0.01552 EPSS
Exploits 0 · References 1

Positive Technologies
added 2019/03/26 12:00 a.m. · 3 views

PT-2019-18719 · Green Hills +1 · Integrity Rtos +1

Name of the Vulnerable Software and Affected Versions: Green Hills INTEGRITY RTOS version 5.0.4
Description: An issue was discovered in the Interpeak IPCOMShell TELNET server. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to...

7.5 CVSS · 7.5 AI score · 0.01486 EPSS
Exploits 0 · References 4