58 matches found
[SECURITY] [DLA 4020-1] libreoffice security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4020-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès January 19, 2025 https://wiki.debian.org/LTS -...
CVE-2024-12426 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...
CVE-2024-12426 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...
PT-2024-10221 · Document Foundation +5 · Libreoffice +5
Name of the Vulnerable Software and Affected Versions: LibreOffice versions 24.8 through 24.8.3 Description: The issue is related to the exposure of environmental variables and arbitrary INI file values to an unauthorized actor. URLs could be constructed to expand these variables, potentially...
PT-2024-30549
Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions. Description A low privileged remote attacker can perform configuration changes of the ospf service through OSPF INTERFACE.SIMPLE KEY and OSPF INTERFACE.DIGEST KEY...
PT-2023-30742 · Laf · Laf
Name of the Vulnerable Software and Affected Versions: Laf versions prior to 1.0.0-beta.13 Description: Laf is a cloud development platform where the control of LAF app environment variables is not strict enough, potentially leading to sensitive information leakage in secret and configmap. This...
UBUNTU-CVE-2023-3399
An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom...
PT-2023-5885 · Grub2 +10 · Grub2 +10
Name of the Vulnerable Software and Affected Versions: Grub2 affected versions not specified Description: The issue is related to an out-of-bounds read flaw in Grub2's NTFS filesystem driver. This flaw may allow a physically present attacker to present a specially crafted NTFS file system image t...
CVE-2023-35931 Shescape potential environment variable exposure on Windows with CMD
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1...
CVE-2023-29545
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are...
CVE-2023-32983
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them...
CVE-2023-28444 angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The...
Scientific Linux Security Update : httpd on SL5.x i386/x86_64 (20130108)
Input sanitization flaws were found in the modnegotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use these flaws to conduct cross-site scripting and HTTP response splitting attacks against users...
Linux Kernel: Multiple information leaks
Background The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description The Linux kernel allo...
Possible IE5.0 exposure of local environment variables
I ran across this today, anyone have any thoughts? I'm using a moderately patched IE 5.0 browser on NT 4.0 SP5 workstation. Couldn't find any reference to this in the archives, but maybe it's been covered before. I type in the url www.home.com/computername & press enter, then and IE actually...
Дырка в Internet Explorer (local variable exposure)
При использовании URL типа http://www.evil.org/VAR можно получить значение переменной VAR...
Black Watch Labs Vulnerability Alert
Dear Security Professional, The following vulnerability: "Environment and setup variables can be viewed through FormMail script" is in the text of the message below and has just been posted to the Black Watch Labs Web site at http://www.perfectotech.com/blackwatchlabs/ Thank you, Black Watch Labs...
netscape.4.x.java.txt
Netscape 4.x javascript security flaw Versions tested: Windows98/Netscape4.7,Windows95/Netscape4.05 Description: Credits to Henri Torgemane Netscape has a "persistent" navigator object, which means that any data put in the window.navigator object will be accessible to every other window as long a...