
7813 matches found

Cvelist
added 2020/09/23 12:0 a.m., 32 views

CVE-2020-14370

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into...

AI score: 5.3, EPSS: 0.01402
Exploits: 0, References: 4

RedhatCVE
added 2020/09/22 9:2 a.m., 41 views

CVE-2020-14370

An information disclosure flaw was found in containers/podman. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container leak into subsequent containers. This flaw allows an...

CVSS: 5.3, AI score: 1.7, EPSS: 0.01402
Exploits: 0, References: 3

Veracode
added 2020/09/18 6:51 a.m., 28 views

Remote Code Execution (RCE)

apachesuperset is vulnerable to remote code execution (RCE). Failure to validate a number of templated text fields allows an authenticated user to send malicious requests and gain access to Python's os package in the web application process and access files, environment variables and process...

CVSS: 8.8, AI score: 9.1, EPSS: 0.03076
Exploits: 0, References: 5, Affected Software: 1

OPENSUSE Linux
added 2020/09/18 12:0 a.m., 44 views

Security update for singularity (important)

openSUSE Security Update: Security update for singularity Announcement ID: openSUSE-SU-2020:1100-1 Rating: important References: 1174148 1174150 1174152 Cross-References: CVE-2020-13845 CVE-2020-13846 CVE-2020-13847 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes three...

CVSS: 7.5, AI score: 7.2, EPSS: 0.01336
Exploits: 0, References: 3

OSV
added 2020/09/17 1:15 p.m., 18 views

CVE-2020-13948

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...

CVSS: 8.8, AI score: 8.7
Exploits: 0, References: 3

PyPA
added 2020/09/17 1:15 p.m., 3 views

PYSEC-2020-222

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...

CVSS: 8.8, AI score: 7.1, EPSS: 0.03076
Exploits: 0, References: 4, Affected Software: 1

Positive Technologies
added 2020/09/17 12:0 a.m., 4 views

PT-2020-13798 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 0.37.1 Description: The issue allows an authenticated user to gain arbitrary access to Python's os package in the web application process. This enables the user to list and access files, environment variables...

CVSS: 8.8, AI score: 7.8, EPSS: 0.03076
Exploits: 0, References: 13

Broadcom
added 2020/09/08 12:0 a.m., 31 views

BSA-2020-1081

Security Advisory ID : BSA-2020-1081 Component : shell variables Revision : 2.0 A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell...

CVSS: 5.5, AI score: 7.4, EPSS: 0.00328
Exploits: 0

Tenable Nessus
added 2020/09/07 12:0 a.m., 14 views

NewStart CGSL MAIN 4.05 : ksh Vulnerability (NS-SA-2020-0046)

The remote NewStart CGSL host, running version MAIN 4.05, has ksh packages installed that are affected by a vulnerability: - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment...

CVSS: 7.8, AI score: 7.3, EPSS: 0.01385
Exploits: 0, References: 2

Github Security Blog
added 2020/09/04 5:30 p.m., 17 views

Malicious Package in 1337qq-js

All versions of 1337qq-js contain malicious code. The package exfiltrates sensitive information through install scripts. It targets UNIX systems. The information exfiltrated includes: - Environment variables - Running processes - /etc/hosts - uname -a - npmrc file Recommendation Remove the packag...

AI score: 3.6
Exploits: 0, References: 2, Affected Software: 1

Veracode
added 2020/09/03 7:29 a.m., 12 views

Malicious Package

maleficent contains malicious code. The code when executed in the browser would capture environment variables, OS information, network interface, AWS credentials, npm credentials and ssh keys. It also subsequently prints the information to a local file...

AI score: 2.8
Exploits: 0

Tenable Nessus
added 2020/09/02 12:0 a.m., 15 views

EulerOS 2.0 SP5 : ksh (EulerOS-SA-2020-1921)

According to the version of the ksh package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass...

CVSS: 7.8, AI score: 7.4, EPSS: 0.01385
Exploits: 0, References: 2

OSV
added 2020/09/01 7:0 p.m., 19 views

GHSA-HWHQ-3HRJ-V6V5 cross-env.js is malware

The cross-env.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

CVSS: 7.5, AI score: 7.6, EPSS: 0.01286
Exploits: 0, References: 2

Github Security Blog
added 2020/09/01 7:0 p.m., 32 views

cross-env.js is malware

The cross-env.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

CVSS: 7.5, AI score: 7.3, EPSS: 0.01286
Exploits: 0, References: 3, Affected Software: 1

Github Security Blog
added 2020/09/01 6:59 p.m., 23 views

Nodesass is malware

The nodesass package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concer...

CVSS: 7.5, AI score: 7.3, EPSS: 0.01123
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2020/09/01 6:58 p.m., 16 views

GHSA-8GV6-G7VP-HR34 mysqljs is malware

The mysqljs package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern...

CVSS: 7.5, AI score: 7.6, EPSS: 0.01271
Exploits: 0, References: 2

Github Security Blog
added 2020/09/01 6:58 p.m., 28 views

mysqljs is malware

The mysqljs package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern...

CVSS: 7.5, AI score: 7.3, EPSS: 0.01271
Exploits: 0, References: 3, Affected Software: 1

Tenable Nessus
added 2020/08/31 12:0 a.m., 53 views

openSUSE Security Update : apache2 (openSUSE-2020-1285)

This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071). - CVE-2020-11984: Fixed an information disclosure bug in mod_proxy_uwsgi (bsc#1175074). - CVE-2020-11993: When trace/deb...

CVSS: 9.8, AI score: 6.6, EPSS: 0.90039
Exploits: 4, References: 7

Kitploit
added 2020/08/30 9:30 p.m., 45 views

SourceWolf - Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!

Tested environments: Windows, Mac, Linux, and Windows Subsystem for Linux (WSL). What can SourceWolf do? Crawl through responses to find hidden endpoints, either by sending requests, or from the local response files if any. Create a list of javascript variables found in the source. Extract all the...

AI score: 7
Exploits: 0, References: 4

OSV
added 2020/08/26 3:15 p.m., 2 views

CVE-2020-5919

In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization may cause the Traffic Management Microkernel (TMM) to stop responding...

CVSS: 7.5, AI score: 7.1, EPSS: 0.01044
Exploits: 0, References: 1