2668 matches found

SUSE CVE (added 2025/02/14 5:32 a.m., 3 views)

SUSE CVE-2024-12798

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core, up to and including versions 0.1 to 1.3.14 and 1.4.0 to 1.5.12, in Java applications allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

CVSS 7.2, AI score 7.2, EPSS 0.00404
Exploits 0, References 5
Positive Technologies (added 2025/02/13 12:00 a.m., 5 views)

PT-2025-23640

Name of the Vulnerable Software and Affected Versions: Jupyter Core versions prior to 5.8.0. Description: The issue affects Jupyter Core on Windows, where the shared %PROGRAMDATA% directory is searched for configuration files, potentially allowing users to create files that impact other users. This ...

CVSS 7.3, AI score 5.3, EPSS 0.00153
Exploits 0, References 21
Tenable Nessus (added 2025/02/10 12:00 a.m., 7 views)

Azure Linux 3.0 Security Update: less (CVE-2024-32487)

The version of less installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-32487 advisory. - less through 653 allows OS command execution via a newline character in the name of a file, because quoting is...

CVSS 8.6, AI score 7.2, EPSS 0.00628
Exploits 0, References 2
RedhatCVE (added 2025/02/05 9:21 p.m., 7 views)

CVE-2022-2653

With this vulnerability an attacker can read many sensitive files, such as configuration files or the /proc/self/environ file, which contains the environment variables used by the web server, including database credentials. If the web server user is root, an attacker will be able to read any file i...

CVSS 7.1, AI score 6.5, EPSS 0.00785
Exploits 1, References 1
OSV (added 2025/02/05 9:18 p.m., 2 views)

GHSA-G6QQ-C9F9-2772 Keycloak on Quarkus CLI option for encrypted JGroups ignored

The env option KC_CACHE_EMBEDDED_MTLS_ENABLED does not work and the jgroups replication configuration is always used in plain. This option worked before in 24 and 22. More info in public issue https://github.com/keycloak/keycloak/issues/34644...

CVSS 5.7, AI score 5.9, EPSS 0.00267
Exploits 0, References 11
RedhatCVE (added 2025/02/05 9:02 p.m., 11 views)

CVE-2022-46155

Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and...

CVSS 7.6, AI score 6.5, EPSS 0.00448
Exploits 0, References 1
RedhatCVE (added 2025/02/05 9:00 p.m., 13 views)

CVE-2022-46179

LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest...

CVSS 9.2, AI score 6.8, EPSS 0.00331
Exploits 1, References 1
RedhatCVE (added 2025/02/05 7:32 p.m., 10 views)

CVE-2022-39321

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

CVSS 9.9, AI score 7, EPSS 0.01474
Exploits 0, References 1
RedhatCVE (added 2025/02/05 2:56 p.m., 8 views)

CVE-2020-15272

In the git-tag-annotation-action open source GitHub Action before version 1.0.1, an attacker can execute arbitrary shell commands if they can control the value of the tag input or manage to alter the value of the GITHUB_REF environment variable. The problem has been patched in version 1.0.1. If yo...

CVSS 9.6, AI score 7.5, EPSS 0.01161
Exploits 0
RedhatCVE (added 2025/02/05 2:10 p.m., 18 views)

CVE-2020-11059

In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1...

CVSS 9.6, AI score 6.6, EPSS 0.0112
Exploits 0, References 1
RedHat Linux (added 2025/02/05 1:53 p.m., 5 views)

logback-core: arbitrary code execution via JaninoEventEvaluator

A flaw was found in Logback. This flaw allows a privileged attacker with write access to modify Logback configuration files or inject a malicious environment variable to execute arbitrary code via the JaninoEventEvaluator extension...

CVSS 5.9, AI score 7.5, EPSS 0.00404
Exploits 0, References 5
RedhatCVE (added 2025/02/05 9:53 a.m., 12 views)

CVE-2024-3104

A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Attackers can exploit this vulnerability by injecting arbitrary environment variables via the POST /api/system/update-env endpoint, which allows for the execution of...

CVSS 9.8, AI score 8.1, EPSS 0.0097
Exploits 1, References 1
RedhatCVE (added 2025/02/05 9:00 a.m., 17 views)

CVE-2024-38811

VMware Fusion 13.x before 13.6 contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application...

CVSS 8.8, AI score 7.2, EPSS 0.0028
Exploits 0
RedhatCVE (added 2025/02/05 2:26 a.m., 5 views)

CVE-2024-42370

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...

CVSS 8.3, AI score 7, EPSS 0.00614
Exploits 0, References 1
Github Security Blog (added 2025/02/03 10:34 p.m., 24 views)

ZX Allows Environment Variable Injection for dotenv API

Impact: This vulnerability is an Environment Variable Injection issue in dotenv.stringify, affecting google/zx version 8.3.1. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or...

CVSS 1, AI score 7.2, EPSS 0.00178
Exploits 0, References 6, Affected Software 1
NVD (added 2025/02/03 9:15 p.m., 7 views)

CVE-2025-24959

zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for...

CVSS 1, EPSS 0.00178
Exploits 0, References 2
CVE (added 2025/02/03 8:48 p.m., 87 views)

CVE-2025-24959

CVE-2025-24959 affects zx (versions prior to 8.3.2) due to an Environment Variable Injection flaw in dotenv.stringify, allowing an attacker controlling environment variable values to inject variables into process.env. Impact can include arbitrary command execution or unexpected behavior in securi...

CVSS 1, AI score 6.8, EPSS 0.00178
Exploits 0, References 2
Vulnrichment (added 2025/02/03 8:48 p.m., 10 views)

CVE-2025-24959 Environment Variable Injection for dotenv API in zx

zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for...

CVSS 1, AI score 6.7, EPSS 0.00178
Exploits 0, References 2
Cvelist (added 2025/02/03 8:48 p.m., 20 views)

CVE-2025-24959 Environment Variable Injection for dotenv API in zx

zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for...

CVSS 1, EPSS 0.00178
Exploits 0, References 2
OSV (added 2025/02/03 8:47 a.m., 2 views)

SUSE-SU-2025:20007-1 Security update for less

This update for less fixes the following issues: - CVE-2024-32487: Fix a bug where mishandling of the \n character in paths when LESSOPEN is set leads to OS command execution. bsc1222849...

CVSS 8.6, AI score 6.8, EPSS 0.00628
Exploits 0, References 3