CVE-2020-11059 Exposure of Sensitive Information to an Unauthorized Actor in AEgir

In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ksh Vulnerability (NS-SA-2020-0024)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ksh packages installed that are affected by a vulnerability: - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environme...

Huawei EulerOS: Security Advisory for ksh (EulerOS-SA-2020-1583)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : ksh (EulerOS-SA-2020-1583)

According to the version of the ksh package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass...

sympa - Security flaws in setuid wrappers

A vulnerability has been discovered in Sympa web interface by which attacker can execute arbitrary code with root privileges. Sympa uses two sorts of setuid wrappers: FastCGI wrappers newaliases wrapper The FastCGI wrappers wwsympa-wrapper.fcgi and sympasoapserver-wrapper.fcgi were used to make t...

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

Security Update for Microsoft Visual Studio Code Python Extension (May 2020)

A remote code execution RCE vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged o...

Visual Studio Code Python Extension Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on wi...

glibc security, bug fix, and enhancement update

2.28-101.0.1 - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. - Orabug: 28849085. - Make IOfunlockfile match funlockfile and...

Klar - Integration Of Clair And Docker Registry

Integration of Clair and Docker Registry supports both Clair API v1 and v3 Klar is a simple tool to analyze images stored in a private or public Docker registry for security vulnerabilities using Clair https://github.com/coreos/clair. Klar is designed to be used as an integration tool so it relie...

Integer overflow

bson before 0.8 incorrectly uses int rather than sizet for many variables, parameters, and return values. In particular, the bsonensurespace parameter bytesNeeded could have an integer overflow via properly constructed bson input...

CVE-2020-12135

bson before 0.8 incorrectly uses int rather than sizet for many variables, parameters, and return values. In particular, the bsonensurespace parameter bytesNeeded could have an integer overflow via properly constructed bson input...

CVE-2020-7261

Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security ENS Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input...

Buffer overflow

Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security ENS Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input...

CVE-2020-7261

CVE-2020-7261 affects McAfee Endpoint Security (ENS) in the AMSI component. A buffer overflow via environment variables in ENS prior to 10.7.0 (February 2020 Update) can allow a local attacker to disable Endpoint Security by supplying crafted input. The vulnerability is limited to local access (a...

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A flaw in the Linux kernel's Stream Control Transmission Protocol SCTP implementation could allow a remote attacker to cause a denial of service if the sysctl "net.sctp.addipenable" and "authenable" variables were turned on they are off by default...

Privilege Escalation

glibc is vulnerable to privilege escalation. It was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on...

Arbitrary Code Execution

sudo is vulnerable to arbitrary code execution. The vulnerability exists as a flaw was found in the way sudo handled the presence of duplicated environment variables. A local user authorized to run commands using sudo could use this flaw to set additional values for the environment variables set ...

Arbitrary Code Execution

java is vulnerable to arbitrary code execution. The vulnerability exists as potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code...

Information Disclosure

openjdk is vulnerable to information disclosure. An information disclosure flaw was found in the way private Java variables were handled. An untrusted applet or application could use this flaw to obtain information from variables that would otherwise be private...