Lucene search

7813 matches found

OSV
added 2020/10/16 5:15 p.m. | 2 views

CVE-2020-9934

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information...

CVSS 5.5 | AI score 7 | EPSS 0.03208
Exploits 1 | References 3
NVD
added 2020/10/16 5:15 p.m. | 26 views

CVE-2020-9934

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information...

CVSS 5.5 | EPSS 0.03208
Exploits 1 | References 3
Prion
added 2020/10/16 5:15 p.m. | 23 views

Design/Logic Flaw

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information...

CVSS 2.1 | AI score 5 | EPSS 0.03208
Exploits 1 | References 2 | Affected Software 3
CVE
added 2020/10/16 4:51 p.m. | 779 views

CVE-2020-9934

CVE-2020-9934 describes a local macOS/TCC bypass via environment-variable poisoning. The root issue is how tccd expands HOME/USER home paths to locate the TCC.db, enabling an attacker with local access to plant a malicious TCC database and alter an app’s entitlements (e.g., microphone/camera) wit...

CVSS 5.5 | AI score 5 | EPSS 0.03208
In wild | Exploits 1 | References 3 | Affected Software 3
Cvelist
added 2020/10/16 4:51 p.m. | 28 views

CVE-2020-9934

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information...

AI score 5.2 | EPSS 0.03208
Exploits 1 | References 2
Veracode
added 2020/10/16 6:6 a.m. | 6 views

Malicious Package

nodetest1010 is a malicious package. The package contains malicious code in index.js which sends local environment variables to a remote server. The malicious code does not execute upon installation...

AI score 4.2
Exploits 0
Veracode
added 2020/10/16 5:17 a.m. | 7 views

Malicious Package

nodetest199 is a malicious package. The package contains malicious code in index.js which sends local environment variables to a remote server. The malicious code does not execute upon installation...

AI score 4.2
Exploits 0
ATTACKERKB
added 2020/10/16 12:0 a.m. | 71 views

CVE-2020-9934 - macOS Transparency, Consent, and Control (TCC) Framework bypass

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information. Recent assessments: busterb at August 03, 2020 10:42p...

CVSS 5.5 | AI score 5.6 | EPSS 0.03208
In wild | Exploits 1 | References 3
Node.js
added 2020/10/15 6:36 p.m. | 46 views

Malicious Package

Overview: All versions of npmpubman contain malicious code. The index.js file sends local environment variables to a remote server. The file is not run upon installation - the package needs to be required or the index.js run manually. Recommendation: Remove the package from your environment and...

AI score 6.6
Exploits 0 | Affected Software 1
OSV
added 2020/10/14 9:15 a.m. | 4 views

CVE-2020-7330

Privilege Escalation vulnerability in McAfee Total Protection MTP trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables...

CVSS 8.8 | AI score 7.4 | EPSS 0.00267
Exploits 0 | References 1
NVD
added 2020/10/14 9:15 a.m. | 12 views

CVE-2020-7330

Privilege Escalation vulnerability in McAfee Total Protection MTP trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables...

CVSS 8.8 | EPSS 0.00267
Exploits 0 | References 1
Prion
added 2020/10/14 9:15 a.m. | 15 views

Privilege escalation

Privilege Escalation vulnerability in McAfee Total Protection MTP trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables...

CVSS 4.6 | AI score 8.3 | EPSS 0.00267
Exploits 0 | References 1 | Affected Software 1
OSV
added 2020/10/10 12:22 p.m. | 4 views

OPENSUSE-SU-2020:1646-1 Security update for grafana

This update for grafana fixes the following issues: Update to version 7.1.5: Features / Enhancements - Stats: Stop counting the same user multiple times. - Field overrides: Filter by field name using regex. - AzureMonitor: map more units. - Explore: Don't run queries on datasource change. - Graph...

CVSS 8.2 | AI score 7.1 | EPSS 0.99856
Exploits 5 | References 4
OPENSUSE Linux
added 2020/10/04 12:0 a.m. | 89 views

Security update for grafana (moderate)

openSUSE Security Update: Security update for grafana Announcement ID: openSUSE-SU-2020:1611-1 Rating: moderate References: 1044444 1044933 1115960 1170557 Cross-References: CVE-2018-19039 CVE-2019-15043 CVE-2020-12245 CVE-2020-13379 Affected Products: openSUSE Backports SLE-15-SP1 An update that...

CVSS 8.2 | AI score 8 | EPSS 0.99856
Exploits 6 | References 4
NVD
added 2020/10/02 9:15 a.m. | 13 views

CVE-2020-12126

Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint...

CVSS 9.8 | EPSS 0.01274
Exploits 0 | References 2
Veracode
added 2020/10/02 4:37 a.m. | 20 views

Environment Variables Tampering

@actions/core allows tampering of environment variables. The addPath and exportVariable functions that communicate with the Actions Runner over stdout allow the unauthorized modification of the path or environment variables...

CVSS 5 | AI score 4.3 | EPSS 0.01438
Exploits 2 | References 3 | Affected Software 1
Tenable Nessus
added 2020/10/02 12:0 a.m. | 225 views

Cisco IOS XE Software Arbitrary Code Execution Vulnerability (cisco-sa-xbace-OnCEbyS)

According to its self-reported version, Cisco IOS XE Software is affected by an arbitrary code execution vulnerability, due to incorrect validations by boot scripts when specific ROM monitor ROMMON variables are set. An authenticated, local attacker could exploit this vulnerability by installing...

CVSS 7.2 | AI score 7.9 | EPSS 0.00357
Exploits 0 | References 4
Prion
added 2020/10/01 6:15 p.m. | 16 views

Design/Logic Flaw

In the @actions/core npm module before version 1.2.6, addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment...

CVSS 4 | AI score 5.3 | EPSS 0.01438
Exploits 2 | References 2 | Affected Software 1
GitLab Advisory Database
added 2020/10/01 12:0 a.m. | 16 views

Improper Input Validation

In the @actions/core npm module, addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment variables being modified...

CVSS 5 | AI score 3.9 | EPSS 0.01438
Exploits 2 | References 2 | Affected Software 1
OpenVAS
added 2020/09/29 12:0 a.m. | 13 views

Ubuntu: Security Advisory (USN-4552-1)

The remote host is missing an update for the...

CVSS 7.8 | AI score 7.7 | EPSS 0.00356
Exploits 0 | References 2