16 matches found
CVE-2023-25164
Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli = 1.0.0 && 1.0.9 which store sensitive values in the process.env variable are impacted. These values will be added in plaintext to the index.js file. If you're on a...
EUVD-2019-0648
Malware in sbrugna...
EUVD-2024-1194
Malicious code in bioql PyPI...
CVE-2019-15107
An issue was discovered in Webmin =1.920. The parameter old in passwordchange.cgi contains a command injection vulnerability...
CVE-2025-30222
Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impacts users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...
Security update for python-sentry-sdk (moderate)
openSUSE Security Update: Security update for python-sentry-sdk Announcement ID: openSUSE-SU-2024:0214-1 Rating: moderate References: 1228128 Cross-References: CVE-2024-40647 Affected Products: openSUSE Backports SLE-15-SP5 An update that fixes one vulnerability is now available. Description: Thi...
Sensitive Information Disclosure
github.com/goreleaser/goreleaser is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the change in log output level from DEBUG to INFO, which could allow an attacker with access to the build logs to view sensitive environment information when the go build output is...
Exploit for Injection in Atlassian Confluence_Data_Center
Project Introduction This project refers to the project of B...
CVE-2023-35931 Shescape potential environment variable exposure on Windows with CMD
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1...
CVE-2019-14802
HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template...
CVE-2019-3842
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked against polk...
CVE-2018-0664
A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
This repository is an offensive tool for a vulnerability environment. It is a Docker-Compose file for a vulnerability environment. The repository contains a .gitignore file, a README.md file, and several other files that are used to configure the environment. The .gitignore file contains a list o...
CVE-2016-10122
Firejail does not properly clean environment variables, which allows local users to gain privileges...
SuSE Linux 6.2 sscw - HOME Environment Variable Buffer Overflow
SuSE Linux 6.2 sscw - HOME Environment Variable Buffer Overflow source: https://www.securityfocus.com/bid/656/info A buffer overflow vulnerability in sscw's handling of the HOME environment variable allows local users to gain root privileges. !/bin/bash Linux x86 exploit for /usr/bin/sccw on SuSE...
PT-2014-9086
Name of the Vulnerable Software and Affected Versions Bash versions prior to 4.2.45-alt2 Bash versions prior to 3.2.51-alt3 PAN-OS and Panorama versions 5.0.14 and earlier PAN-OS and Panorama versions 5.1.9 and earlier PAN-OS and Panorama versions 6.0.5 and earlier PAN-OS and Panorama versions...