Design/Logic Flaw
Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom variables are exposed to unauthorized users exists between versions 2.0.0 and 2.8.2. Custom variables are user-defined keys and values on configuration objects in Icinga...
UBUNTU-CVE-2021-32747
Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom variables are exposed to unauthorized users exists between versions 2.0.0 and 2.8.2. Custom variables are user-defined keys and values on configuration objects in Icinga...
CVE-2021-32747
Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom variables are exposed to unauthorized users exists between versions 2.0.0 and 2.8.2. Custom variables are user-defined keys and values on configuration objects in Icinga...
CVE-2021-32747 Custom variable protection and blacklists can be circumvented
Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom variables are exposed to unauthorized users exists between versions 2.0.0 and 2.8.2. Custom variables are user-defined keys and values on configuration objects in Icinga...
CVE-2021-32747
Icinga Web 2 had a vulnerability where custom variables (user-defined keys/values in configuration objects) could be exposed to unauthorized users for versions 2.0.0 through 2.8.2. The issue occurs because custom variables are displayed to logged-in users with access to the relevant hosts/service...
CVE-2021-32747
Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom variables are exposed to unauthorized users exists between versions 2.0.0 and 2.8.2. Custom variables are user-defined keys and values on configuration objects in Icinga...
Variables maxIndex and minIndex in sortVaultsByDelta are uninitialized
Vulnerability details. Impact: The sortVaultsByDelta function of Exposure does not properly initialize the maxIndex and minIndex variables. Consider an edge case where the deltas of the three stablecoins are all 0. The maxIndex and minIndex variables will both be 0 and vaultIndexes will b...
Huawei EulerOS: Security Advisory for ksh (EulerOS-SA-2021-2142)
The remote host is missing an update for Huawei EulerOS. (Detection script text: SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)...
A vulnerability in the ParseCaffHeaderConfig function in the caff.c component of the WavPack audio codec allows an attacker to cause a service failure (denial of service). The vulnerability stems from the use of uninitialized variables.
The vulnerability of the ParseCaffHeaderConfig function in the caff.c component of the WavPack audio codec is related to the use of previously uninitialized variables. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a malicious .wav file...
A vulnerability in the ParseWave64HeaderConfig function in the wave64.c component of the WavPack audio codec, related to the use of previously uninitialized variables, allows an attacker to cause a service failure (denial of service).
The vulnerability of the ParseWave64HeaderConfig function in the wave64.c component of the WavPack audio codec is related to the use of previously uninitialized variables. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a malicious .wav file...
EulerOS Virtualization 3.0.2.2 : ksh (EulerOS-SA-2021-2142)
According to the version of the ksh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to...
Advisory ROSA-SA-2021-1860
Software: ksh 20120801 OS: Cobalt 7.9 CVE-ID: CVE-2019-14868 CVE-Crit: HIGH CVE-DESC: A bug was discovered in ksh version 20120801 in the way certain environment variables are evaluated. An attacker could exploit this vulnerability to override or bypass environment restrictions to execute shell...
Advisory ROSA-SA-2021-1852
Software: hesiod 3.2.1 OS: Cobalt 7.9 CVE-ID: CVE-2016-10151 CVE-Crit: HIGH CVE-DESC: The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID to UID to determine whether to use configurations from environment variables, allowing local users to gain privileges via (1) HESIOD_CONFIG or...
Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion
Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with github and wayback machine. Features Super fast asynchronous...
A vulnerability in the ReadMATImageV4 function in the coders/mat.c component of the console-based ImageMagick graphics editor allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the ReadMATImageV4 function in the ImageMagick console graphics editor’s coders/mat.c component is related to the use of previously uninitialized variables. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cau...
EulerOS Virtualization for ARM 64 3.0.2.0 : perl (EulerOS-SA-2021-2086)
According to the version of the perl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate...
EulerOS Virtualization for ARM 64 3.0.2.0 : cups (EulerOS-SA-2021-2120)
According to the versions of the cups package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access...
TrippLite SU2200RTXL2Ua Cross-Site Scripting Vulnerability
The TrippLite SU2200RTXL2Ua is a double-conversion UPS system from TrippLite USA, used for critical servers, network and telecom equipment. The TrippLite SU2200RTXL2Ua suffers from a stored cross-site scripting (XSS) vulnerability found...
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option known as `CURLOPT_TELNETOPTIONS` in libcurl is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables libcurl could be made to pass on uninitialized data from a stack based buffer to the server resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.
...
Arbitrary Command Execution
rssh is vulnerable to arbitrary command execution. An attacker is able to bypass restrictions imposed by rssh due to insufficient sanitization of environment variables that are passed to rsync, resulting in the execution of arbitrary shell commands...