
9569 matches found

NVD
added 2025/07/30 12:15 a.m. | 3 views

CVE-2025-43195

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data...

CVSS 5.5 | EPSS 0.00077
Exploits 0 | References 6
CNNVD
added 2025/07/30 12:0 a.m. | 1 view

InsydeH2O Security Vulnerability

InsydeH2O is a customizable firmware codebase from China's Insyde Corporation. A security vulnerability exists in InsydeH2O, which originates from an arbitrary call to SmmSetVariable with unsanitized parameters in the SMI handler...

CVSS 6 | AI score 7 | EPSS 0.00092
Exploits 0 | References 2
Amazon
added 2025/07/30 12:0 a.m. | 3 views

Important: mtr

Issue Overview: mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. (CVE-2025-49809) Affected Packages: mtr. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the...

CVSS 7.8 | AI score 7 | EPSS 0.00054
Exploits 0
Tenable Nessus
added 2025/07/30 12:0 a.m. | 4 views

RockyLinux 9 : freetype (RLSA-2025:3407)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:3407 advisory. freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files (CVE-2025-27363). Tenable has extracted the...

CVSS 8.1 | AI score 7.2 | EPSS 0.70344
Exploits 0 | References 3
Vulnrichment
added 2025/07/29 11:35 p.m. | 3 views

CVE-2025-43195

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data...

AI score 5.9 | EPSS 0.00077
Exploits 0 | References 3
CVE
added 2025/07/29 11:35 p.m. | 21 views

CVE-2025-43195

CVE-2025-43195 describes an environment-variable handling issue in macOS that could allow an app to access sensitive user data. The root cause is improper validation in how environment variables are processed, which was addressed by improved validation in the macOS updates. Affected products incl...

CVSS 5.5 | AI score 5.7 | EPSS 0.00077
Exploits 0 | References 6 | Affected Software 1
OSV
added 2025/07/29 1:40 p.m. | 6 views

RLSA-2025:3407 Important: freetype security update

FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently. Security Fixes: freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files...

CVSS 8.1 | AI score 7.9 | EPSS 0.70344
Exploits 0 | References 2
OSV
added 2025/07/29 1:38 p.m. | 4 views

RLSA-2025:3421 Important: freetype security update

FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently. Security Fixes: freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files...

CVSS 8.1 | AI score 7.9 | EPSS 0.70344
Exploits 0 | References 2
Exploit DB
added 2025/07/28 12:0 a.m. | 237 views

Linux PAM Environment - Variable Injection Local Privilege Escalation

Exploit Title: Linux PAM Environment - Variable Injection Local Privilege Escalation Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: PAM pam_env.so module allows environment variable injection via ~/.pam_environment leading to privilege escalation throu...

CVSS 7.8 | AI score 8.6 | EPSS 0.0009
Exploits 19
Gitee
added 2025/07/27 3:27 a.m. | 83 views

easy-linux-pwn

This is a set of Linux binary exploitation tasks for beginners on various architectures. The tasks are designed to be solved using a suggested approach, even if there are other easier ways. The tasks assume a dynamically linked libc with a known binary and require the use of ROP Return-Oriented...

AI score 6.6
Exploits 0
RedhatCVE
added 2025/07/25 4:27 a.m. | 10 views

CVE-2025-42947

SAP FICA ODN framework allows a high privileged user to inject value inside the local variable which can then be executed by the application. An attacker could thereby control the behaviour of the application causing high impact on integrity, low impact on availability and no impact on...

CVSS 5.5 | AI score 6 | EPSS 0.00295
Exploits 0 | References 1
CNVD
added 2025/07/25 12:0 a.m. | 2 views

D-Link DIR-816L Command Injection Vulnerability

The D-Link DIR-816L is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-816L 2.06B01 and earlier versions, which stems from the lxmldbc_system function in the environment variable handling component failing to properly filter construct command...

CVSS 8.8 | AI score 7.6 | EPSS 0.02246
Exploits 1 | References 1
Vulnrichment
added 2025/07/23 8:35 p.m. | 2 views

CVE-2025-47281 Kyverno's Improper JMESPath Variable Evaluation Leads to Denial of Service

Kyverno is a policy engine designed for cloud native platform engineering teams. In versions 1.14.1 and below, a Denial of Service (DoS) vulnerability exists due to improper handling of JMESPath variable substitutions. Attackers with permissions to create or update Kyverno policies can craft...

CVSS 7.7 | AI score 6.2 | EPSS 0.00124
Exploits 1 | References 2
CVE
added 2025/07/23 3:25 a.m. | 13 views

CVE-2025-42947

CVE-2025-42947 concerns SAP FICA ODN framework. The vulnerability allows a high-privileged user to inject a value into a local variable, which can be executed by the application, potentially altering behavior. Impact is described as high integrity impact, low availability impact, and no confident...

CVSS 5.5 | AI score 6.7 | EPSS 0.00295
Exploits 0 | References 2
CNNVD
added 2025/07/23 12:0 a.m. | 2 views

SAP FICA ODN framework Code Injection Vulnerability

SAP FICA ODN framework is a component for generating official credential numbers from SAP, Germany. A code injection vulnerability exists in the SAP FICA ODN framework that originates from an elevated privilege user being able to inject the value of a local variable, potentially leading to...

CVSS 5.5 | AI score 7.1 | EPSS 0.00295
Exploits 0 | References 2
OSV
added 2025/07/22 3:15 p.m. | 1 view

DEBIAN-CVE-2025-4878

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...

CVSS 3.6 | AI score 6 | EPSS 0.002
Exploits 0 | References 1
NVD
added 2025/07/22 3:15 p.m. | 2 views

CVE-2025-4878

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...

CVSS 3.6 | EPSS 0.002
Exploits 0 | References 6
OSV
added 2025/07/22 3:15 p.m. | 2 views

AZL-65646 CVE-2025-4878 affecting package libssh for versions less than 0.10.6-3

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...

CVSS 3.6 | AI score 5.7 | EPSS 0.002
Exploits 0 | References 1
OSV
added 2025/07/22 3:15 p.m. | 3 views

CVE-2025-4878

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...

CVSS 3.6 | AI score 5.8 | EPSS 0.002
Exploits 0 | References 4
OSV
added 2025/07/22 3:15 p.m. | 2 views

AZL-65643 CVE-2025-4878 affecting package libssh for versions less than 0.10.6-3

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...

CVSS 3.6 | AI score 6 | EPSS 0.002
Exploits 0 | References 1