Lucene search
K

4773 matches found

RedHat Linux
RedHat Linux
added 2016/08/18 8:25 p.m.4 views

CGIHandler: sets environmental variable based on user supplied Proxy request header

It was discovered that the Python CGIHandler class did not properly protect against the HTTPPROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP...

6.1CVSS6.9AI score0.04526EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/08/16 12:0 a.m.36 views

JVN#03052683: Cybozu Mailwise vulnerable to information disclosure

Cybozu Mailwise contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the pa...

6.5CVSS6.3AI score0.01892EPSS
Exploits0
CNVD
CNVD
added 2016/08/15 12:0 a.m.2 views

IBM Spectrum Scale and GPFS Command Execution Vulnerabilities (CNVD-2016-06346)

IBM Spectrum Scale and IBM GPFS General Parallel File System are both products of IBM Corporation in the U.S. IBM GPFS is a set of enterprise file management systems optimized for petabyte-scale storage management.IBM Spectrum Scale is a set of IBM GPFS-based data and IBM Spectrum Scale is a data...

7CVSS6.9AI score0.00296EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2016/08/01 12:0 a.m.105 views

openssh -- sshd -- remote valid user discovery and PAM /bin/login attack

The OpenSSH project reports: sshd8: Mitigate timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server. CVE-2016-6210, reported by EddieEzra.Harari ...

7.8CVSS7.2AI score0.88944EPSS
Exploits12References1
OSV
OSV
added 2016/07/19 2:0 a.m.5 views

AZL-78994 CVE-2016-5386 affecting package golang 1.25.7-1

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

8.1CVSS6.9AI score0.0522EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/07/19 12:0 a.m.44 views

Microsoft Windows Environment Variables

Nessus was able to collect system and active account environment variables on the remote Windows host and generate a report as a CSV attachment. C Tenable, Inc. include"compat.inc"; if description scriptid92364; scriptversion"1.14"; scriptsetattributeattribute:"pluginmodificationdate",...

5.9AI score
Exploits0
CERT
CERT
added 2016/07/18 12:0 a.m.158 views

CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables

Overview Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTPPROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle MITM attacks on internal subrequests or to direct the server to initiate connection...

7.2AI score
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.6 views

Vulnerabilities of the Alt Linux SPT operating system, which allow a malicious attacker to disable the device’s functionality

Multiple vulnerabilities in the bash command-line interpreter of the Altron Linux SPT operating system are caused by errors in processing input data during syntax analysis of code. Exploiting these vulnerabilities allows a malicious individual to execute arbitrary commands with the privileges of...

10CVSS7.7AI score0.99999EPSS
Exploits155References8Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.4 views

The vulnerability of Cisco IPS software allows a malicious individual to gain access to confidential information.

The GNU Bash command shell, as of version 4.3 bash43-025, incorrectly handles lines that follow the declaration of a specially crafted function, which is exported as a variable. This allows a malicious actor to read and write arbitrary files, as well as perform other unconfirmed actions. Security...

10CVSS8.1AI score0.9994EPSS
Exploits17References2
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.7 views

The vulnerability of the Cisco Nexus 5000 software allows a malicious individual to execute arbitrary code.

The GNU Bash command shell, as of version 4.3 and later, incorrectly handles lines that follow the declaration of a function exported as a variable. This allows a malicious actor to execute arbitrary code by interfering with environment variables. Security researchers have confirmed that this...

10CVSS8.5AI score0.99999EPSS
Exploits130References2
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.3 views

The vulnerability of the Cisco Unified Communications Manager software allows a malicious individual to gain access to confidential information.

The GNU Bash command shell, as of version 4.3 bash43-025 and later, incorrectly handles lines that follow the declaration of a specially crafted function, which is exported as a variable. This allows a malicious actor to read and write arbitrary files, as well as perform other unconfirmed actions...

10CVSS8.3AI score0.9994EPSS
Exploits17References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.5 views

The vulnerability of Cisco Nexus 1000V software allows a malicious individual to gain access to confidential information.

The GNU Bash command shell, as of version 4.3 bash43-025, incorrectly handles lines that follow the declaration of a specially crafted function, which is exported as a variable. This allows a malicious actor to read and write arbitrary files, as well as perform other unconfirmed actions. Security...

10CVSS8.1AI score0.9994EPSS
Exploits17References2
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.6 views

The vulnerability of Cisco ACS software allows a malicious individual to execute arbitrary code.

The GNU Bash command shell, as of version 4.3 and later, incorrectly handles lines that follow the declaration of a function that is exported as a variable. This allows a malicious actor to execute arbitrary code by interfering with environment variables. Security researchers have confirmed that...

10CVSS8.5AI score0.99999EPSS
Exploits130References2
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.7 views

Vulnerability of Cisco Nexus 7000 software, allowing attackers to access confidential information

The GNU Bash command shell, as of version 4.3 bash43-025 and later, incorrectly handles lines that follow the declaration of a specially crafted function, which is exported as a variable. This allows a malicious actor to read and write arbitrary files, as well as perform other undefined actions...

10CVSS8.3AI score0.9994EPSS
Exploits17References2
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.6 views

Vulnerability of Cisco ACS software, allowing a malicious individual to access confidential information

The GNU Bash command shell, as of version 4.3 bash43-025, incorrectly handles lines that follow the declaration of a specially crafted function, which is exported as a variable. This allows a malicious actor to read and write arbitrary files, as well as perform other unconfirmed actions. Security...

10CVSS8.1AI score0.9994EPSS
Exploits17References2
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.3 views

The vulnerability of the GNU Bash command-line interpreter allows a malicious actor to cause a service failure or execute arbitrary code.

The vulnerability of the GNU Bash command-line interpreter arises from errors in the processing of input data during syntax analysis of code. Exploiting this vulnerability allows a malicious individual to execute arbitrary code with the privileges of the current user whenever the command-line...

10CVSS7.6AI score0.99999EPSS
Exploits155References9Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/06/22 12:0 a.m.30 views

OracleVM 3.2 : sudo (OVMSA-2016-0079)

The remote OracleVM system is missing necessary patches to address critical security updates : - added patch for CVE-2014-0106: certain environment variables not sanitized when envreset is disabled Resolves: rhbz1072210 - backported fixes for CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-277...

6.9CVSS6.1AI score0.03202EPSS
Exploits10References6
OSV
OSV
added 2016/06/08 10:46 a.m.9 views

SUSE-SU-2016:1528-1 Security update for openssh

openssh was updated to fix three security issues. These security issues were fixed: - CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH allowed remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to...

9.8CVSS7.5AI score0.37016EPSS
Exploits13References14
RedHat Linux
RedHat Linux
added 2016/06/06 7:6 p.m.4 views

jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...

6.5CVSS5.9AI score0.02142EPSS
Exploits0References5
NVD
NVD
added 2016/05/17 2:8 p.m.20 views

CVE-2016-3721

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...

6.5CVSS6.7AI score0.02142EPSS
Exploits0References6
Rows per page
Query Builder