Lucene search
K

58 matches found

Debian
Debian
added 2025/01/19 5:16 p.m.12 views

[SECURITY] [DLA 4020-1] libreoffice security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4020-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès January 19, 2025 https://wiki.debian.org/LTS -...

6.7CVSS7.2AI score0.00528EPSS
Exploits0
Cvelist
Cvelist
added 2025/01/07 12:22 p.m.22 views

CVE-2024-12426 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...

6.7CVSS0.00528EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/07 12:22 p.m.6 views

CVE-2024-12426 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...

6.7CVSS6.7AI score0.00528EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/10 12:0 a.m.4 views

PT-2024-10221 · Document Foundation +5 · Libreoffice +5

Name of the Vulnerable Software and Affected Versions: LibreOffice versions 24.8 through 24.8.3 Description: The issue is related to the exposure of environmental variables and arbitrary INI file values to an unauthorized actor. URLs could be constructed to expand these variables, potentially...

7.2CVSS5.7AI score0.00528EPSS
Exploits0References60
Positive Technologies
Positive Technologies
added 2024/09/10 12:0 a.m.4 views

PT-2024-30549

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions. Description A low privileged remote attacker can perform configuration changes of the ospf service through OSPF INTERFACE.SIMPLE KEY and OSPF INTERFACE.DIGEST KEY...

8.1CVSS5.9AI score0.00519EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.6 views

PT-2023-30742 · Laf · Laf

Name of the Vulnerable Software and Affected Versions: Laf versions prior to 1.0.0-beta.13 Description: Laf is a cloud development platform where the control of LAF app environment variables is not strict enough, potentially leading to sensitive information leakage in secret and configmap. This...

9.1CVSS8.8AI score0.00796EPSS
Exploits1References7
OSV
OSV
added 2023/11/06 1:15 p.m.2 views

UBUNTU-CVE-2023-3399

An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom...

8.5CVSS5.7AI score0.00452EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/03 12:0 a.m.7 views

PT-2023-5885 · Grub2 +10 · Grub2 +10

Name of the Vulnerable Software and Affected Versions: Grub2 affected versions not specified Description: The issue is related to an out-of-bounds read flaw in Grub2's NTFS filesystem driver. This flaw may allow a physically present attacker to present a specially crafted NTFS file system image t...

8.3CVSS6.7AI score0.04852EPSS
Exploits2References112
Vulnrichment
Vulnrichment
added 2023/06/23 7:32 p.m.10 views

CVE-2023-35931 Shescape potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1...

3.1CVSS3.8AI score0.00811EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/06/19 10:7 a.m.7 views

CVE-2023-29545

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are...

5.2AI score0.00584EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/05/16 4:0 p.m.10 views

CVE-2023-32983

Jenkins Ansible Plugin 204.v8191fd551ebf and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them...

6.7AI score0.00379EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/24 7:58 p.m.5 views

CVE-2023-28444 angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend

angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The...

9.9CVSS7AI score0.00759EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/01/17 12:0 a.m.41 views

Scientific Linux Security Update : httpd on SL5.x i386/x86_64 (20130108)

Input sanitization flaws were found in the modnegotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use these flaws to conduct cross-site scripting and HTTP response splitting attacks against users...

4.3CVSS7.4AI score0.6477EPSS
Exploits4References4
Gentoo Linux
Gentoo Linux
added 2004/08/25 12:0 a.m.65 views

Linux Kernel: Multiple information leaks

Background The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description The Linux kernel allo...

4.6CVSS6.2AI score0.00766EPSS
Exploits5
securityvulns
securityvulns
added 2001/04/09 12:0 a.m.35 views

Possible IE5.0 exposure of local environment variables

I ran across this today, anyone have any thoughts? I'm using a moderately patched IE 5.0 browser on NT 4.0 SP5 workstation. Couldn't find any reference to this in the archives, but maybe it's been covered before. I type in the url www.home.com/computername & press enter, then and IE actually...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2001/04/09 12:0 a.m.53 views

Дырка в Internet Explorer (local variable exposure)

При использовании URL типа http://www.evil.org/VAR можно получить значение переменной VAR...

0.2AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2000/05/11 12:0 a.m.29 views

Black Watch Labs Vulnerability Alert

Dear Security Professional, The following vulnerability: "Environment and setup variables can be viewed through FormMail script" is in the text of the message below and has just been posted to the Black Watch Labs Web site at http://www.perfectotech.com/blackwatchlabs/ Thank you, Black Watch Labs...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 1999/12/01 12:0 a.m.33 views

netscape.4.x.java.txt

Netscape 4.x javascript security flaw Versions tested: Windows98/Netscape4.7,Windows95/Netscape4.05 Description: Credits to Henri Torgemane Netscape has a "persistent" navigator object, which means that any data put in the window.navigator object will be accessible to every other window as long a...

7.4AI score
Exploits0
Rows per page
Query Builder