2629 matches found
Solaris libnspr NSPR_LOG_FILE Privilege Escalation Exploit
This Metasploit module exploits an arbitrary file write vulnerability in the Netscape Portable Runtime library libnspr on unpatched Solaris systems prior to Solaris 10u3 which allows users to gain root privileges. libnspr versions prior to 4.6.3 allow users to specify a log file with the...
GitLab: Bypass of GitLab CI runner slash fix in YAML validation
Hi GitLab Security, I notice the bug 301432 that Jobert reported earlier could be bypassed by setting a variable in the environment. The reason is that the fix in place preventing URL normalization is performed by doing the YAML validation; however, this could be bypassed by setting the environment...
Environment Variable Injection in extension "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3)
The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read or for further details...
Environment Variable Injection in extension "AWS SDK for PHP" (aws_sdk_php)
The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read or for further details...
Fedora 27 : libtomcrypt (2018-39e0872379)
Fix Side Channel Based ECDSA Key Extraction CVE-2018-12437 PR 408 - Fix potential stack overflow when DER flexi-decoding CVE-2018-0739 PR 373 - Fix two-key 3DES PR 390 - Fix accelerated CTR mode PR 359 - Fix Fortuna PRNG PR 363 - Fix compilation on platforms where cc doesn't point to gcc PR 382 -...
CVE-2018-11049
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious co...
CVE-2018-11049
The CVE-2018-11049 entry describes an uncontrolled search path vulnerability affecting Dell RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG. Root cause: installation scripts set an environment variable in an unintended manner, enabling a local authenticated us...
EulerOS 2.0 SP2 : procps-ng (EulerOS-SA-2018-1198)
According to the versions of the procps-ng package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - procps-ng, procps: Integer overflows leading to heap overflow in file2strvec CVE-2018-1124 - procps-ng, procps: incorrect integer size in...
Security Bulletin: IBM SONAS Administrator password can be read by the root user from the shell command history (CVE-2014-3045)
Summary A fix is available for IBM SONAS, for the security issue that after changing password of administrative user, the password can be read by the root user from the shell command history. Vulnerability Details CVEID: CVE-2014-3045 DESCRIPTION: One of the purposes of chuser command is to modif...
Security Bulletin: Tivoli Storage Manager Server GSKit Encrypted Record Length Vulnerability (CVE-2012-2191)
Summary A vulnerability exists in the Tivoli Storage Manager server related to SSL/TLS Record Layer Processing (CVE-2012-2191). Vulnerability Details A vulnerability (CVE-2012-2191) exists in the IBM Tivoli Storage Manager (TSM) server when used with Secure Sockets Layer (SSL). An included component of t...
Security Bulletin: IBM Security Access Manager is affected by vulnerabilities in Python (CVE-2016-0772, CVE-2016-5699, CVE-2016-1000110)
Summary Vulnerabilities have been identified in Python. IBM Security Access Manager appliances use Python and are affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0772 DESCRIPTION: Python's smtplib library is vulnerable to a stripping attack. An exception isn't returned by...
Security Bulletin: IBM® DB2® contains a file disclosure vulnerability using a SELECT statement with XML/XSLT function (CVE-2014-8910)
Summary IBM DB2 contains a file disclosure vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by executing a specially-crafted SELECT statement with XML/XSLT function to read arbitrary text files owned by the DB2 instance owner. On Windows, the attacker is able to re...
Security Bulletin: TLS padding vulnerability affects IBM WebSphere MQ (CVE-2014-8730)
Summary Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack affects IBM WebSphere MQ. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by th...
openSUSE Security Update : xdg-utils (openSUSE-2018-573)
This update for xdg-utils fixes this security issue : - CVE-2017-18266: The openenvvar function in xdg-open did not validate strings before launching the program specified by the BROWSER environment variable, which might have allowed remote attackers to conduct argument-injection attacks via a crafted URL...
Code injection
mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16057
nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
Code injection
d3.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
[SECURITY] [DSA 4211-1] xdg-utils security update
Debian Security Advisory DSA-4211-1 https://www.debian.org/security/ Luciano Bello May 25, 2018 https://www.debian.org/security/faq ...
Remote Code Execution (RCE)
libfontforge.so is vulnerable to remote code execution (RCE) attacks. The application does not properly validate strings in the BROWSER environment variable, allowing a malicious user to inject and execute arbitrary commands...
CVE-2018-1122
If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of...