
7815 matches found

OSV
added 2020/11/18 12:0 p.m., 4 views

RUSTSEC-2020-0071 Potential segfault in the time crate

Impact: The affected functions set environment variables without synchronization. On Unix-like operating systems, this can crash in multithreaded programs. Programs may segfault due to dereferencing a dangling pointer if an environment variable is read in a different thread than the affected...

6.2 CVSS, 5.8 AI score, 0.01881 EPSS
Exploits: 0, References: 3
CNVD
added 2020/11/17 12:0 a.m., 2 views

Ivanti Endpoint Manager Unauthorized Access Vulnerability

Ivanti Endpoint Manager EPM is a suite of endpoint security managers from Ivanti, USA. An unauthorized access vulnerability exists in Ivanti Endpoint Manager version 2020.1.1 and prior versions, which originates in /ldclient/ldprov.cgi, and can be exploited by an attacker to disclose information...

5.3 CVSS, 6.3 AI score, 0.02279 EPSS
Exploits: 1, References: 1
CVE
added 2020/11/16 8:59 p.m., 46 views

CVE-2020-27483

Garmin Forerunner 235 before 8.20 is affected by an Array index error in the ConnectIQ TVM. The attacker must upload a malicious ConnectIQ application to the ConnectIQ store; the interpreter trusts an offset for the stack value duplication instruction (DUP) that is unchecked, allowing memory befo...

9.9 CVSS, 9.4 AI score, 0.02057 EPSS
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2020/11/16 4:15 p.m., 2 views

CVE-2020-13772

In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required...

5.3 CVSS, 5.7 AI score, 0.02279 EPSS
Exploits: 1, References: 2
NVD
added 2020/11/16 4:15 p.m., 18 views

CVE-2020-13772

In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required...

5.3 CVSS, 5.2 AI score, 0.02279 EPSS
Exploits: 1, References: 2
Prion
added 2020/11/16 4:15 p.m., 9 views

Authentication flaw

In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required...

5 CVSS, 5.2 AI score, 0.02279 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2020/11/16 3:24 p.m., 18 views

CVE-2020-13772

In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required...

5.2 AI score, 0.02279 EPSS
Exploits: 1, References: 2
CNNVD
added 2020/11/16 12:0 a.m., 6 views

Ivanti Endpoint Manager Security Vulnerability

Ivanti Endpoint Manager EPM is a suite of endpoint security managers from Ivanti, USA. An unauthorized access vulnerability exists in Ivanti Endpoint Manager version 2020.1.1 and prior versions, which originates in /ldclient/ldprov.cgi, and can be exploited by an attacker to disclose information...

5.3 CVSS, 6 AI score, 0.02279 EPSS
Exploits: 1, References: 3
PostgreSQL
added 2020/11/12 12:0 a.m., 421 views

Vulnerability in client (CVE-2020-25696)

psql's \gset allows overwriting specially treated variables. The \gset meta-command, which sets psql variables based on query results, does not distinguish variables that control psql behavior. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute...

7.6 CVSS, 7.5 AI score, 0.02586 EPSS
Exploits: 0, References: 1, Affected Software: 1
Tenable Nessus
added 2020/11/11 12:0 a.m., 80 views

RHEL 7 : podman (RHSA-2020:5056)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5056 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use contain...

7.5 CVSS, 6.9 AI score, 0.01855 EPSS
Exploits: 0, References: 8
RedHat Linux
added 2020/11/10 1:54 p.m., 1 view

podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API

An information disclosure flaw was found in containers/podman. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container leak into subsequent containers. This flaw allows an...

5.3 CVSS, 7.1 AI score, 0.01402 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2020/11/10 1:54 p.m., 141 views

Moderate: Red Hat Security Advisory: podman security and bug fix update

An update for podman is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.5 CVSS, 6.7 AI score, 0.01855 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2020/11/09 2:29 p.m., 32 views

CVE-2020-2307

Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables...

4.3 CVSS, 4.5 AI score, 0.01203 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2020/11/06 12:0 a.m., 29 views

openSUSE Security Update : pacemaker (openSUSE-2020-1825)

This update for pacemaker fixes the following issues:
- executor: restrict certain IPC requests to Pacemaker daemons CVE-2020-25654, bsc1177916
- extra: add vim modelines to agents
- extra: quote shell variables in agent code where appropriate bsc1175557
- extra: remove trailing whitespace from...

9 CVSS, 7.5 AI score, 0.02002 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2020/11/06 12:0 a.m., 21 views

EulerOS Virtualization 3.0.6.6 : ksh (EulerOS-SA-2020-2446)

According to the version of the ksh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability: In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to...

7.8 CVSS, 7.4 AI score, 0.01385 EPSS
Exploits: 0, References: 2
CNVD
added 2020/11/05 12:0 a.m., 2 views

CloudBees Jenkins Kubernetes Information Disclosure Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. An information disclosure...

4.3 CVSS, 6.3 AI score, 0.01203 EPSS
Exploits: 0, References: 1
CNVD
added 2020/11/05 12:0 a.m., 4 views

GitLab code issue vulnerability (CNVD-2020-70853)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A code issue vulnerability exists in GitLab CE/EE version...

6.5 CVSS, 7 AI score, 0.01345 EPSS
Exploits: 0, References: 1
NVD
added 2020/11/04 3:15 p.m., 14 views

CVE-2020-2307

Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables...

4.3 CVSS, 4.5 AI score, 0.01203 EPSS
Exploits: 0, References: 1
OSV
added 2020/11/04 3:15 p.m., 23 views

CVE-2020-2307

Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables...

4.3 CVSS, 6.5 AI score
Exploits: 0, References: 1
Prion
added 2020/11/04 3:15 p.m., 22 views

Code injection

Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables...

4 CVSS, 5.7 AI score, 0.01203 EPSS
Exploits: 0, References: 1, Affected Software: 1