CVE-2019-11632

In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. These permissions are only used in custom...

CVE-2019-11632

In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. These permissions are only used in custom...

UBUNTU-CVE-2018-20821

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service uncontrolled recursion in Sass::Parser::parsecssvariablevalue in parser.cpp...

PT-2019-10260 · Sass +2 · Libsass +2

Name of the Vulnerable Software and Affected Versions: LibSass versions 3.5.5 and earlier Description: The parsing component in LibSass allows attackers to cause a denial-of-service due to uncontrolled recursion in Sass::Parser::parse css variable value in parser.cpp. Recommendations: For LibSass...

CVE-2019-3902

Starting with version 1.5.3, Mercurial allows environment variable expansion on path names for sub repositories when creating it or cloning a parent repository, but it doesn't validate whether the final path name outside the repository root directory. An attacker can leverage this weakness using ...

SUSE SLES12 Security Update : openldap2 (SUSE-SU-2019:0931-1)

This update for openldap2 fixes the following issues : Security issues fixed : CVE-2017-9287: A double free vulnerability in the mdb backend during search with page size 0 was fixed bsc1041764. CVE-2017-17740: Fixed a denial of service slapd crash via a member MODDN operation that could have been...

New Relic: Stored XSS at APM apps labels autocomplete dropdown (apps listing)

Hey team, I have discovered the stored XSS vulnerability triggered at APM apps labels autocomplete dropdown. Only admins are able to add labels to apps, so it seemed to me that this XSS impact is "admin to owner" only. But I googled a little and stumbled upon the NEWRELICLABELS environment variab...

CVE-2019-3842

In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polk...

CVE-2019-3842

In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polk...

Command injection

In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polk...

CVE-2019-3842

In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polk...

CVE-2019-3842

The CVE-2019-3842 issue affects systemd’s pam_systemd, where improper sanitization of the XDG_SEAT environment variable could enable commands to be checked against polkit policies using the "allow_active" element instead of "allow_any" in some configurations. This is a local vulnerability (enviro...

CVE-2019-3842

In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polk...

CVE-2019-3842

It was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polkit policies using the...

CVE-2019-3842

In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polk...

PYSEC-2019-37

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

PYSEC-2019-107

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

CVE-2019-10844

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

CVE-2019-10844

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

Code injection

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...