CVE-2020-19527
iCMS 7.0.14 allows attackers to execute arbitrary OS commands via shell metacharacters in the DBNAME parameter to install/install.php...
Malicious Package
xpc.js is a malicious package. It contains malicious code in its pre-install script that executes two malicious exe files containing Trojan malware...
Amazon Linux 2 : libosinfo (ALAS-2020-1527)
The version of libosinfo installed on the remote host is prior to 1.1.0-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1527 advisory. A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accep...
Security fix for the ALT Linux 9 package systemd version 1:243.9-alt1
1:243.9-alt1 built Oct. 6, 2020 Alexey Shabalin in task 258476 Oct. 3, 2020 Alexey Shabalin - 243.9 Fixes: CVE-2020-13776 - kernelinstalldir path /usr/lib/kernel/install.d - /lib/kernel/install.d - install kernel-install script to /sbin - move systemd-boot and bootctl utils to systemd-boot-efi...
Malicious Package in anarchy
All versions of anarchy contain malicious code. The package ran rm -rf / as an install script. Recommendation Remove the package from your environment...
Malicious Package in donotinstallthis
The package donotinstallthis contained malicious code. The package contained a script that was run as part of the install script. The script contacted a remote service tracking how many installations were done. There is no further compromise. Recommendation Remove the package from your environmen...
GHSA-2HQF-QQMQ-PGPP Malicious Package in commander-js
All versions of commander-js are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads an arbitrary file and executes its contents as a post-install script. Recommendatio...
Important: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
F5 NGINX Controller Input Validation Error Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions prior to 3.3.0, which stems from an install.sh scri...
CVE-2020-5867
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages...
Scientific Linux Security Update : libosinfo on SL7.x x86_64 (20200407)
Libosinfo: osinfo-install-script option leaks password via command line argument. (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux...
CentOS 7 : libosinfo (RHSA-2020:1051)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1051 advisory. - libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line...
libosinfo security and bug fix update
1.1.0-5 - Resolves: rhbz1740212 - New defect found in libosinfo-1.1.0-4.el7 1.1.0-4 - Resolves: rhbz1727842 - CVE-2019-13313 libosinfo: osinfo-install-script option leaks password via command line argument...
Libosinfo: osinfo-install-script option leaks password via command line argument
A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system users via a process listing...
MariaDB mysql_install_db Script Elevation of Privilege Vulnerability
The MariaDB database management system is a fork of MySQL, mainly maintained by the open source community under the GPL license. MariaDB is intended to be fully compatible with MySQL, including the API and command line, making it an easy replacement for MySQL. An elevation of privilege...
CVE-2019-19585
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions...
DEBIAN-CVE-2019-16775
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
Symlink reference outside of node_modules
Overview Versions of the npm CLI prior to 6.13.3 are vulnerable to a symlink reference outside of node_modules. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin fie...
CVE-2014-0023
OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution...