Product update: Virtuozzo Hybrid Server 7.0 Update 14 (7.0.14-249)
The Update 14 for Virtuozzo Hybrid Server 7.0 introduces new features and provides stability and usability bug fixes. It also introduces a new kernel 3.10.0-1127.8.2.vz7.151.14. Vulnerability id: PSBM-103700 VM migration by a non-root user could fail. Vulnerability id: PSBM-102841 Misconfiguring...
EulerOS 2.0 SP2 : ksh (EulerOS-SA-2020-1681)
According to the version of the ksh package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass...
Huawei EulerOS: Security Advisory for ksh (EulerOS-SA-2020-1681)
The remote host is missing an update for the Huawei EulerOS...
KatroLogger - KeyLogger For Linux Systems
KeyLogger for Linux Systems. Features Runs on GUI systems or CLI Sending data by email Dependencies curl libx11-dev Debian-Based libX11-devel RHEL-Based Compiling ./configure make make install Usage katrologger --output /path/file Send data by e-mail: katrologger --smtp-help Fixing problems...
CVE-2020-13223
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2...
Denial of service
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2...
CVE-2020-13223
CVE-2020-13223 affects HashiCorp Vault and Vault Enterprise. The issue arises from logging proxy environment variables that could reveal sensitive credentials. This is documented across multiple sources (e.g., NVD, osv, CNVD) with fixed versions identified as 1.3.6 and 1.4.2. Impact is informatio...
CVE-2020-13223
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2...
PT-2020-13380 · Hashicorp · Hashicorp Vault +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions prior to 1.3.6 HashiCorp Vault and Vault Enterprise versions prior to 1.4.2 Description: The issue concerns the logging of proxy environment variables that may contain sensitive credentials. This...
Unspecified Vulnerability in Facade Ignition for Laravel
Facade Ignition for Laravel is a customizable error page from Facade Belgium that runs in the Laravel web framework. A security vulnerability exists in Facade Ignition for Laravel versions prior to 2.0.5, which stems from the program not correctly handling the global variables get, post, cookie and env. ...
Privilege Escalation
github.com/sympa-community/sympa is vulnerable to privilege escalation. The setuid wrappers do not clear environment variables, potentially allowing a local attacker to gain higher privileges...
Information Disclosure
aegir is vulnerable to Information Disclosure. Environment variables in the browser bundle contain tokens and keys, which can be leaked during aegir publish or aegir build...
AEgir Information Disclosure Vulnerability (CNVD-2020-31168)
AEgir is a JavaScript project automation build package from Protocol Labs. An information disclosure vulnerability exists in aegir publish and aegir build in Aegir versions 21.7.0 through 21.10.1 excluding version 21.10.1. An attacker can use this vulnerability to obtain information about...
FreeBSD : sympa - Security flaws in setuid wrappers (61bc44ce-9f5a-11ea-aff3-f8b156c2bfe9)
A vulnerability has been discovered in the Sympa web interface by which an attacker can execute arbitrary code with root privileges. Sympa uses two sorts of setuid wrappers: - FastCGI wrappers - newaliases wrapper. The FastCGI wrappers wwsympa-wrapper.fcgi and sympasoapserver-wrapper.fcgi were used to...
macOS 10.15.x < 10.15.5 / 10.14.x < 10.14.6 Security Update 2020-003 / 10.13.x < 10.13.6 Security Update 2020-003
The remote host is running a version of macOS / Mac OS X that is 10.15.x prior to 10.15.5, 10.13.x prior to 10.13.6 Security Update 2020-003, 10.14.x prior to 10.14.6 Security Update 2020-003. It is, therefore, affected by multiple vulnerabilities: - In ksh version 20120801, a flaw was found in t...
Input validation
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1...
GHSA-QFCV-5WHW-7PCW Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Impact: aegir publish and aegir build may leak secrets from environmental variables in the browser bundle published to npm. Patches: The code has been patched; users should upgrade to >= 21.10.1. Workarounds: Run printenv to check your environment variables and revoke any secrets. For more information...
Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Impact: aegir publish and aegir build may leak secrets from environmental variables in the browser bundle published to npm. Patches: The code has been patched; users should upgrade to >= 21.10.1. Workarounds: Run printenv to check your environment variables and revoke any secrets. For more information...
CVE-2020-11059 Exposure of Sensitive Information to an Unauthorized Actor in AEgir
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1...
NewStart CGSL CORE 5.04 / MAIN 5.04 : ksh Vulnerability (NS-SA-2020-0024)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ksh packages installed that are affected by a vulnerability: - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environme...