165 matches found
EUVD-2000-0999
Malware in sbrugna...
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2025-1818)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-1999-0767
Buffer overflow in Solaris libc, ufsrestore, and rcp via LCMESSAGES environmental variable...
CVE-1999-0318
Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable...
Amazon Linux 2 : libreoffice (ALASLIBREOFFICE-2025-007)
The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2LIBREOFFICE-2025-007 advisory. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The Documen...
[SECURITY] [DLA 4020-1] libreoffice security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4020-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès January 19, 2025 https://wiki.debian.org/LTS -...
LibreOffice Multiple Vulnerabilities (Jan 2025) - Mac OS X
LibreOffice is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:libreoffice:libreoffice";...
CVE-2024-12426 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...
CVE-2024-12426 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...
PT-2024-10221 · Document Foundation +5 · Libreoffice +5
Name of the Vulnerable Software and Affected Versions: LibreOffice versions 24.8 through 24.8.3 Description: The issue is related to the exposure of environmental variables and arbitrary INI file values to an unauthorized actor. URLs could be constructed to expand these variables, potentially...
NATS Server Configuration Advice for Use With Veeam Backup for Microsoft 365
Purpose This article provides advice for optimizing NATS Server configuration when used in conjunction with Veeam Backup for Microsoft 365. Solution When Veeam Backup for Microsoft 365 is deployed using the included NATS Server, the system variable 'GOMEMLIMIT ' is set to 30% of the total system...
RHEL 7 : mod_fcgid (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - modfcgid: modfcgid sets environmental variable based on user supplied Proxy request header CVE-2016-1000104 Note th...
RHEL 4 : python_cgihandler (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - Python CGIHandler: sets environmental variable based on user supplied Proxy request header CVE-2016-1000110 Note th...
GeoServer log file path traversal vulnerability
Impact This vulnerability requires GeoServer Administrator with access to the admin console to misconfigured the Global Settings for log file location to an arbitrary location. This can be used to read files via the admin console GeoServer Logs page. It is also possible to leverage RCE or cause...
CVE-2023-3042
In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes // from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edittextinc.jsp , which should return a 404 response b...
CVE-2023-3042 CNA SHORTNAME: dotCMSORG UUID: 5b9d93f2-25c7-46b4-ab60-d201718c9dd8
In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes // from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edittextinc.jsp , which should return a 404 response b...
Atlassian Jira 8.6.0 < 8.7.2 DLL Hijacking
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 8.0.x prior to 8.7.0. It is, therefore, affected by a vulnerability which permits when deployed onto the Windows operating system environment which allows local system attackers who ha...
GHSA-6HV3-7C34-4HX8 Hashicorp Nomad Information Exposure Through Environmental Variables
In Nomad before version 0.9.5, when rendering a task template, all environment variables were available to the rendering task. As a fix, only task environment variables are used...
SUSE: Security Advisory (SUSE-SU-2017:0114-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ZSQL: Audit File Path
The LOGHOME parameter specifies the storage path of the audit file. By default, the audit file is stored in the $GSDBDATA/log/audit directory. Note: The script compares the LOGHOME in DVPARAMETERS with the $GSDBDATA/log environmental variable. SPDX-FileCopyrightText: 2020 Greenbone AG Some text...