7810 matches found

Veracode
added 2020/04/10 12:15 a.m., 30 views

Arbitrary Code Execution

php is vulnerable to arbitrary code execution. A flaw was found in the way the mbstring extension set global variables. A script which used the mb_parse_str function to set global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable...

6.8 CVSS, 2.6 AI score, 0.05241 EPSS
Exploits 1, References 32, Affected Software 1

RedhatCVE
added 2020/04/09 10:18 a.m., 34 views

CVE-2018-10874

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result...

7.8 CVSS, 4.6 AI score, 0.00485 EPSS
Exploits 0, References 2

RedHat Linux
added 2020/04/06 5:33 p.m., 2 views

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

7.8 CVSS, 6 AI score, 0.01385 EPSS
Exploits 0, References 4

RedHat Linux
added 2020/04/06 4:56 p.m., 3 views

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

7.8 CVSS, 6 AI score, 0.01385 EPSS
Exploits 0, References 4

Tenable Nessus
added 2020/04/06 12:0 a.m., 19 views

RHEL 7 : ksh (RHSA-2020:1332)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1332 advisory. KornShell ksh is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell sh and includes many features o...

7.8 CVSS, 7.4 AI score, 0.01385 EPSS
Exploits 0, References 4

NVD
added 2020/04/02 5:15 p.m., 16 views

CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

7.8 CVSS, 7.7 AI score, 0.01385 EPSS
Exploits 0, References 5

OSV
added 2020/04/02 5:15 p.m., 19 views

CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

7.8 CVSS, 7.1 AI score, 0.01385 EPSS
Exploits 0, References 5

OSV
added 2020/04/02 5:15 p.m., 2 views

DEBIAN-CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

7.8 CVSS, 7.5 AI score, 0.01385 EPSS
Exploits 0, References 1

Prion
added 2020/04/02 5:15 p.m., 19 views

Design/Logic Flaw

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

7.2 CVSS, 7.7 AI score, 0.01385 EPSS
Exploits 0, References 5, Affected Software 3

UbuntuCve
added 2020/04/02 5:15 p.m., 29 views

CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

7.8 CVSS, 7.2 AI score, 0.01385 EPSS
Exploits 0, References 2

OSV
added 2020/04/02 5:15 p.m., 1 views

UBUNTU-CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

7.8 CVSS, 5.8 AI score, 0.01385 EPSS
Exploits 0, References 3

CVE
added 2020/04/02 4:48 p.m., 295 views

CVE-2019-14868

CVE-2019-14868 affects ksh (version 20120801). A flaw in how environment variables are evaluated lets an attacker override or bypass environment restrictions to execute shell commands. Public advisories (Debian, Mageia, CentOS, Fedora) confirm a fix in respective distros; patched releases mitigat...

7.8 CVSS, 7.7 AI score, 0.01385 EPSS
Exploits 0, References 5, Affected Software 1

Debian CVE
added 2020/04/02 4:48 p.m., 22 views

CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

7.8 CVSS, 7.8 AI score, 0.01385 EPSS
Exploits 0

CNVD
added 2020/04/02 12:0 a.m., 2 views

Deskpro has an unspecified vulnerability

Deskpro is a helpdesk software solution that helps companies manage communication with their customers and user base across multiple channels. A security vulnerability exists in Deskpro, which can be exploited by an attacker to abuse accessible variables in the context of code to implement native...

9.1 CVSS, 7.2 AI score, 0.03987 EPSS
Exploits 1, References 1

Tenable Nessus
added 2020/04/01 12:0 a.m., 43 views

RHEL 7 : cups (RHSA-2020:1050)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1050 advisory. The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups...

7.8 CVSS, 6.8 AI score, 0.01841 EPSS
Exploits 1, References 10

RedHat Linux
added 2020/03/31 8:58 p.m., 2 views

cups: Local privilege escalation to root due to insecure environment variable handling

It was discovered that CUPS allows non-root users to pass environment variables to CUPS backends. Affected backends use attacker-controlled environment variables without proper sanitization. A local attacker, who is part of one of the groups specified in the SystemGroups directive, could use the...

7.8 CVSS, 7.8 AI score, 0.00454 EPSS
Exploits 0, References 4

CNVD
added 2020/03/10 12:0 a.m., 2 views

Cobertura Plugin File Execution Vulnerability

Cobertura is an open source tool that measures test coverage by inspecting the underlying code and observing what code is and is not executed when the test package is run. Cobertura Plugin has a file execution vulnerability that can be exploited by remote attackers with the help of specially...

8.5 CVSS, 7.3 AI score, 0.01593 EPSS
Exploits 0, References 1

RedhatCVE
added 2020/03/09 8:10 a.m., 28 views

CVE-2020-1753

A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw...

5.5 CVSS, 1.1 AI score, 0.00506 EPSS
Exploits 1, References 3

Cvelist
added 2020/02/27 7:30 p.m., 21 views

CVE-2020-5400 Cloud Controller logs environment variables from app manifests

Cloud Foundry Cloud Controller CAPI, versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected b...

8 CVSS, 6.4 AI score, 0.00753 EPSS
Exploits 0, References 1

Oracle linux
added 2020/02/25 12:0 a.m., 64 views

ksh security update

20120801-140.0.1 - disable ASTnospawnveg for taskset workaround orabug 26754277 Red Hat Bug: 1295563 20120801-140 - Do not evaluate arithmetic expressions from environment variables at startup Resolves: 1790543...

7.8 CVSS, 1.5 AI score, 0.01385 EPSS
Exploits 0